All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Kirill A. Shutemov" <kirill@shutemov.name>
To: "Jakub Matěna" <matenajakub@gmail.com>
Cc: linux-mm@kvack.org, patches@lists.linux.dev,
	linux-kernel@vger.kernel.org, vbabka@suse.cz, mhocko@kernel.org,
	mgorman@techsingularity.net, willy@infradead.org,
	liam.howlett@oracle.com, hughd@google.com, riel@surriel.com,
	rostedt@goodmis.org, peterz@infradead.org, david@redhat.com
Subject: Re: [RFC PATCH v3 2/6] [PATCH 2/6] mm: add merging after mremap resize
Date: Fri, 20 May 2022 16:41:24 +0300	[thread overview]
Message-ID: <20220520134124.6glbfzhrgzutfor6@box.shutemov.name> (raw)
In-Reply-To: <20220516125405.1675-3-matenajakub@gmail.com>

On Mon, May 16, 2022 at 02:54:01PM +0200, Jakub Matěna wrote:
> When mremap call results in expansion, it might be possible to merge the
> VMA with the next VMA which might become adjacent. This patch adds
> vma_merge call after the expansion is done to try and merge.
> 
> Signed-off-by: Jakub Matěna <matenajakub@gmail.com>
> ---
>  mm/mremap.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/mm/mremap.c b/mm/mremap.c
> index 303d3290b938..75cda854ec58 100644
> --- a/mm/mremap.c
> +++ b/mm/mremap.c
> @@ -9,6 +9,7 @@
>   */
>  
>  #include <linux/mm.h>
> +#include <linux/mm_inline.h>
>  #include <linux/hugetlb.h>
>  #include <linux/shm.h>
>  #include <linux/ksm.h>
> @@ -1022,8 +1023,10 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
>  				}
>  			}
>  
> -			if (vma_adjust(vma, vma->vm_start, addr + new_len,
> -				       vma->vm_pgoff, NULL)) {
> +			if (!vma_merge(mm, vma, addr + old_len, addr + new_len,
> +					vma->vm_flags, vma->anon_vma, vma->vm_file,
> +					vma->vm_pgoff + (old_len >> PAGE_SHIFT), vma_policy(vma),
> +					vma->vm_userfaultfd_ctx, anon_vma_name(vma))) {

Hm. Don't you need to update 'vma' with result of vma_merge()?

'vma' is used below the point and IIUC it can be use-after-free.

-- 
 Kirill A. Shutemov

  parent reply	other threads:[~2022-05-20 13:39 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-16 12:53 [RFC PATCH v3 0/6] Removing limitations of merging anonymous VMAs Jakub Matěna
2022-05-16 12:54 ` [RFC PATCH v3 1/6] [PATCH 1/6] mm: refactor of vma_merge() Jakub Matěna
2022-05-20 13:28   ` Kirill A. Shutemov
2022-05-20 15:52     ` Jakub Matěna
2022-05-16 12:54 ` [RFC PATCH v3 2/6] [PATCH 2/6] mm: add merging after mremap resize Jakub Matěna
2022-05-16 21:05   ` kernel test robot
2022-05-20 13:41   ` Kirill A. Shutemov [this message]
2022-05-20 14:48     ` Jakub Matěna
2022-05-16 12:54 ` [RFC PATCH v3 3/6] [PATCH 3/6] mm: add migration waiting and rmap locking to pagewalk Jakub Matěna
2022-05-16 21:46   ` kernel test robot
2022-05-16 12:54 ` [RFC PATCH v3 4/6] [PATCH 4/6] mm: adjust page offset in mremap Jakub Matěna
2022-05-19  8:39   ` [mm] df8ef36a21: kernel_BUG_at_lib/list_debug.c kernel test robot
2022-05-19  8:39     ` kernel test robot
2022-05-16 12:54 ` [RFC PATCH v3 5/6] [PATCH 5/6] mm: enable merging of VMAs with different anon_vmas Jakub Matěna
2022-05-19  8:01   ` [mm] d0a63efe2f: WARNING:at_mm/rmap.c:#reconnect_page_pte kernel test robot
2022-05-19  8:01     ` kernel test robot
2022-05-16 12:54 ` [RFC PATCH v3 6/6] [PATCH 6/6] mm: add tracing for VMA merges Jakub Matěna
2022-05-25 14:05   ` Steven Rostedt
2022-05-17 16:44 ` [RFC PATCH v3 0/6] Removing limitations of merging anonymous VMAs Kirill A. Shutemov
2022-05-20 12:22   ` Vlastimil Babka
2022-05-18  5:03 [RFC PATCH v3 3/6] [PATCH 3/6] mm: add migration waiting and rmap locking to pagewalk kernel test robot
2022-05-18  5:41 ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220520134124.6glbfzhrgzutfor6@box.shutemov.name \
    --to=kirill@shutemov.name \
    --cc=david@redhat.com \
    --cc=hughd@google.com \
    --cc=liam.howlett@oracle.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=matenajakub@gmail.com \
    --cc=mgorman@techsingularity.net \
    --cc=mhocko@kernel.org \
    --cc=patches@lists.linux.dev \
    --cc=peterz@infradead.org \
    --cc=riel@surriel.com \
    --cc=rostedt@goodmis.org \
    --cc=vbabka@suse.cz \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.