On 06/17, Al Viro wrote: > > On Wed, Jun 17, 2015 at 01:39:06AM +0100, Al Viro wrote: > > > Huh? kill_ioctx() picks ctx->mmap_base and passes it to vm_munmap(). > > Which tries to grab mmap_sem, blocks for mremap() from another thread > > and waits for it to drop mmap_sem. By that time ctx->mmap_base has > > nothing whatsoever to the argument we'd passed to vm_munmap(). Sure, > > it had been recalculated by aio_ring_remap(), but it's too late for > > us - we'd already fetched the old value. > > And yes, the leak you've spotted is real, but I would very much prefer > to avoid that goto - something like this instead: > > diff --git a/mm/mremap.c b/mm/mremap.c > index 034e2d3..b36b530 100644 > --- a/mm/mremap.c > +++ b/mm/mremap.c > @@ -291,7 +291,10 @@ static unsigned long move_vma(struct vm_area_struct *vma, > if (err < 0) { > move_page_tables(new_vma, new_addr, vma, old_addr, > moved_len, true); > - return err; > + vma = new_vma; > + old_len = new_len; > + old_addr = new_addr; > + new_addr = err;
Personally, I'd really prefer to factor out at least this move_page_tables() with six args. Although I agree, "goto previous_if" doesn't look nice too, this needs cleanup. But this is minor. I am already sleeping, most probably I misread this code. But it seems that there is another bug with VM_ACCOUNT. I'll recheck tomorrow and write another email. Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/