On 06/17, Al Viro wrote:
>
> On Wed, Jun 17, 2015 at 01:39:06AM +0100, Al Viro wrote:
>
> > Huh? kill_ioctx() picks ctx->mmap_base and passes it to vm_munmap().
> > Which tries to grab mmap_sem, blocks for mremap() from another thread
> > and waits for it to drop mmap_sem. By that time ctx->mmap_base has
> > nothing whatsoever to the argument we'd passed to vm_munmap(). Sure,
> > it had been recalculated by aio_ring_remap(), but it's too late for
> > us - we'd already fetched the old value.
>
> And yes, the leak you've spotted is real, but I would very much prefer
> to avoid that goto - something like this instead:
>
> diff --git a/mm/mremap.c b/mm/mremap.c
> index 034e2d3..b36b530 100644
> --- a/mm/mremap.c
> +++ b/mm/mremap.c
> @@ -291,7 +291,10 @@ static unsigned long move_vma(struct vm_area_struct *vma,
> if (err < 0) {
> move_page_tables(new_vma, new_addr, vma, old_addr,
> moved_len, true);
> - return err;
> + vma = new_vma;
> + old_len = new_len;
> + old_addr = new_addr;
> + new_addr = err;
Personally, I'd really prefer to factor out at least this
move_page_tables() with six args. Although I agree, "goto previous_if"
doesn't look nice too, this needs cleanup.
But this is minor. I am already sleeping, most probably I misread
this code. But it seems that there is another bug with VM_ACCOUNT.
I'll recheck tomorrow and write another email.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
