acrn-kernel/mm
Miaohe Lin 4ad099559b mm/mempolicy: fix mpol_new leak in shared_policy_replace
If mpol_new is allocated but not used in restart loop, mpol_new will be
freed via mpol_put before returning to the caller.  But refcnt is not
initialized yet, so mpol_put could not do the right things and might
leak the unused mpol_new.  This would happen if mempolicy was updated on
the shared shmem file while the sp->lock has been dropped during the
memory allocation.

This issue could be triggered easily with the below code snippet if
there are many processes doing the below work at the same time:

  shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);
  shm = shmat(shmid, 0, 0);
  loop many times {
    mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);
    mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,
          maxnode, 0);
  }

Link: https://lkml.kernel.org/r/20220329111416.27954-1-linmiaohe@huawei.com
Fixes: 42288fe366 ("mm: mempolicy: Convert shared_policy mutex to spinlock")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: <stable@vger.kernel.org>	[3.8]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-04-08 14:20:36 -10:00
damon mm/damon: prevent activated scheme from sleeping by deactivated schemes 2022-04-01 11:46:09 -07:00
kasan kasan: disable LOCKDEP when printing reports 2022-03-24 19:06:50 -07:00
kfence mm: kfence: fix objcgs vector allocation 2022-04-01 11:46:09 -07:00
Kconfig mm: generalize ARCH_HAS_FILTER_PGPROT 2022-03-24 19:06:51 -07:00
Kconfig.debug
Makefile mm: move the migrate_vma_* device migration code into its own file 2022-03-03 12:47:33 -05:00
backing-dev.c remove congestion tracking framework 2022-03-22 15:57:01 -07:00
balloon_compaction.c mm/balloon_compaction: make balloon page compaction callbacks static 2022-03-28 16:52:57 -04:00
bootmem_info.c
cma.c mm/cma: provide option to opt out from exposing pages on activation failure 2022-03-22 15:57:09 -07:00
cma.h mm/cma: provide option to opt out from exposing pages on activation failure 2022-03-22 15:57:09 -07:00
cma_debug.c
cma_sysfs.c
compaction.c mm: compaction: cleanup the compaction trace events 2022-03-22 15:57:09 -07:00
debug.c mm: unexport page_init_poison 2022-03-24 19:06:45 -07:00
debug_page_ref.c
debug_vm_pgtable.c mm/debug_vm_pgtable: remove pte entry from the page table 2022-02-04 09:25:04 -08:00
dmapool.c
early_ioremap.c mm/early_ioremap: declare early_memremap_pgprot_adjust() 2022-03-22 15:57:11 -07:00
fadvise.c remove inode_congested() 2022-03-22 15:57:01 -07:00
failslab.c
filemap.c fs: Pass an iocb to generic_perform_write() 2022-04-01 14:40:44 -04:00
folio-compat.c mm/rmap: Convert rmap_walk() to take a folio 2022-03-21 13:01:35 -04:00
frontswap.c
gup.c mm/munlock: add lru_add_drain() to fix memcg_stat_test 2022-04-01 11:46:09 -07:00
gup_test.c
gup_test.h
highmem.c highmem: fix checks in __kmap_local_sched_{in,out} 2022-04-08 14:20:36 -10:00
hmm.c mm/hmm.c: remove unneeded local variable ret 2022-03-22 15:57:12 -07:00
huge_memory.c mm/huge_memory: remove stale locking logic from __split_huge_pmd() 2022-03-24 19:06:51 -07:00
hugetlb.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
hugetlb_cgroup.c
hugetlb_vmemmap.c mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key 2022-03-22 15:57:08 -07:00
hugetlb_vmemmap.h
hwpoison-inject.c mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce handler 2022-03-22 15:57:07 -07:00
init-mm.c kernel/fork: Initialize mm's PASID 2022-02-14 19:51:47 +01:00
internal.h mm/munlock: protect the per-CPU pagevec by a local_lock_t 2022-04-01 11:46:09 -07:00
interval_tree.c
io-mapping.c
ioremap.c
khugepaged.c mm/khugepaged: remove reuse_swap_page() usage 2022-03-24 19:06:51 -07:00
kmemleak.c mm/kmemleak: reset tag when compare object pointer 2022-04-01 11:46:09 -07:00
ksm.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
list_lru.c mm/list_lru: optimize memcg_reparent_list_lru_node() 2022-03-22 15:57:08 -07:00
maccess.c asm-generic updates for 5.18 2022-03-23 18:03:08 -07:00
madvise.c Revert "mm: madvise: skip unmapped vma holes passed to process_madvise" 2022-04-01 11:46:09 -07:00
mapping_dirty_helpers.c
memblock.c memblock: test suite and a small cleanup 2022-03-27 13:36:06 -07:00
memcontrol.c ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
memfd.c memfd: fix F_SEAL_WRITE after shmem huge page allocated 2022-03-05 11:08:32 -08:00
memory-failure.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
memory.c mm,hwpoison: unmap poisoned page before invalidation 2022-04-01 11:46:09 -07:00
memory_hotplug.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
mempolicy.c mm/mempolicy: fix mpol_new leak in shared_policy_replace 2022-04-08 14:20:36 -10:00
mempool.c
memremap.c mm: delete __ClearPageWaiters() 2022-03-24 19:06:45 -07:00
memtest.c
migrate.c mm: migrate: use thp_order instead of HPAGE_PMD_ORDER for new page allocation. 2022-04-08 14:20:36 -10:00
migrate_device.c mm/migrate: Convert remove_migration_ptes() to folios 2022-03-21 13:01:35 -04:00
mincore.c
mlock.c mm/munlock: protect the per-CPU pagevec by a local_lock_t 2022-04-01 11:46:09 -07:00
mm_init.c
mmap.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
mmap_lock.c
mmu_gather.c
mmu_notifier.c
mmzone.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
mprotect.c memory tiering: skip to scan fast memory 2022-03-22 15:57:09 -07:00
mremap.c mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) 2022-04-08 14:20:36 -10:00
msync.c
nommu.c
oom_kill.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
page-writeback.c mm: warn on deleting redirtied only if accounted 2022-03-24 19:06:51 -07:00
page_alloc.c mm/munlock: protect the per-CPU pagevec by a local_lock_t 2022-04-01 11:46:09 -07:00
page_counter.c
page_ext.c
page_idle.c mm/rmap: Constify the rmap_walk_control argument 2022-03-21 13:01:35 -04:00
page_io.c Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
page_isolation.c Revert "mm/page_isolation: unset migratetype directly for non Buddy page" 2022-02-04 09:25:04 -08:00
page_owner.c mm/page_owner.c: record tgid 2022-03-24 19:06:44 -07:00
page_poison.c
page_reporting.c
page_reporting.h
page_table_check.c mm/page_table_check.c: use strtobool for param parsing 2022-03-22 15:57:11 -07:00
page_vma_mapped.c mm: Convert page_vma_mapped_walk to work on PFNs 2022-03-21 12:59:02 -04:00
pagewalk.c
percpu-internal.h
percpu-km.c
percpu-stats.c mm: use vmalloc_array and vcalloc for array allocations 2022-03-08 09:30:46 -05:00
percpu-vm.c
percpu.c bitmap patches for 5.17-rc1 2022-01-23 06:20:44 +02:00
pgalloc-track.h
pgtable-generic.c
process_vm_access.c
ptdump.c mm: sparsemem: use page table lock to protect kernel pmd operations 2022-03-22 15:57:08 -07:00
readahead.c readahead: Update comments 2022-04-01 14:40:42 -04:00
rmap.c mm/munlock: protect the per-CPU pagevec by a local_lock_t 2022-04-01 11:46:09 -07:00
rodata_test.c
secretmem.c fs: Convert __set_page_dirty_no_writeback to noop_dirty_folio 2022-03-16 13:37:05 -04:00
shmem.c Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
shuffle.c
shuffle.h
slab.c mm: kfence: fix missing objcg housekeeping for SLAB 2022-03-27 18:47:00 -07:00
slab.h mm: introduce kmem_cache_alloc_lru 2022-03-22 15:57:03 -07:00
slab_common.c mm/slab_common: use helper function is_power_of_2() 2022-02-21 11:38:12 +01:00
slob.c slab updates for 5.18 2022-03-23 12:33:21 -07:00
slub.c slab updates for 5.18 2022-03-23 12:33:21 -07:00
sparse-vmemmap.c mm: sparsemem: move vmemmap related to HugeTLB to CONFIG_HUGETLB_PAGE_FREE_VMEMMAP 2022-03-22 15:57:08 -07:00
sparse.c mm/sparse: make mminit_validate_memmodel_limits() static 2022-03-22 15:57:05 -07:00
swap.c mm/munlock: protect the per-CPU pagevec by a local_lock_t 2022-04-01 11:46:09 -07:00
swap_cgroup.c mm: use vmalloc_array and vcalloc for array allocations 2022-03-08 09:30:46 -05:00
swap_slots.c
swap_state.c Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
swapfile.c mm/swapfile: remove stale reuse_swap_page() 2022-03-24 19:06:51 -07:00
truncate.c Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
usercopy.c Merge branch 'akpm' (patches from Andrew) 2022-03-22 16:11:53 -07:00
userfaultfd.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
util.c ARM: 2022-03-24 11:58:57 -07:00
vmacache.c
vmalloc.c kasan, vmalloc: only tag normal vmalloc allocations 2022-03-24 19:06:48 -07:00
vmpressure.c
vmscan.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
vmstat.c mm: only re-generate demotion targets when a numa node changes its N_CPU state 2022-03-22 15:57:11 -07:00
workingset.c Folio changes for 5.18 2022-03-22 17:03:12 -07:00
z3fold.c
zbud.c
zpool.c
zsmalloc.c
zswap.c mm/zswap.c: allow handling just same-value filled pages 2022-03-22 15:57:11 -07:00