[PATCH] mm/mremap: fix memory account on do_munmap() failure

[PATCH] mm/mremap: fix memory account on do_munmap() failure

[Chen Wandun]

mremap will account the delta between new_len and old_len in
vma_to_resize, and then call move_vma when expanding an existing
memory mapping. In function move_vma, there are two scenarios when
calling do_munmap:
1. move_page_tables from old_addr to new_addr success
2. move_page_tables from old_addr to new_addr fail

In first scenario, it should account old_len if do_munmap fail,
because the delta has already been accounted.

In second scenario, new_addr/new_len will assign to old_addr/old_len
if move_page_table fail, so do_munmap is try to unmap new_addr actually,
if do_munmap fail, it should account the new_len, because error code
will be return from move_vma, and delta will be unaccounted.
What'more, because of new_len == old_len, so account old_len also is
OK.

In summary, account old_len will be correct if do_munmap fail.

Fixes: 51df7bcb6151 ("mm/mremap: account memory on do_munmap() failure")
Signed-off-by: Chen Wandun <chenwandun@huawei.com>
---
 mm/mremap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/mremap.c b/mm/mremap.c
index 5989d3990020..badfe17ade1f 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -686,7 +686,7 @@ static unsigned long move_vma(struct vm_area_struct *vma,
 	if (do_munmap(mm, old_addr, old_len, uf_unmap) < 0) {
 		/* OOM: unable to split vma, just get accounts right */
 		if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP))
-			vm_acct_memory(new_len >> PAGE_SHIFT);
+			vm_acct_memory(old_len >> PAGE_SHIFT);
 		excess = 0;
 	}
 
-- 
2.25.1

Re: [PATCH] mm/mremap: fix memory account on do_munmap() failure

[Andrew Morton]

On Sat, 17 Jul 2021 18:19:42 +0800 Chen Wandun <chenwandun@huawei.com> wrote:

> mremap will account the delta between new_len and old_len in
> vma_to_resize, and then call move_vma when expanding an existing
> memory mapping. In function move_vma, there are two scenarios when
> calling do_munmap:
> 1. move_page_tables from old_addr to new_addr success
> 2. move_page_tables from old_addr to new_addr fail
> 
> In first scenario, it should account old_len if do_munmap fail,
> because the delta has already been accounted.
> 
> In second scenario, new_addr/new_len will assign to old_addr/old_len
> if move_page_table fail, so do_munmap is try to unmap new_addr actually,
> if do_munmap fail, it should account the new_len, because error code
> will be return from move_vma, and delta will be unaccounted.
> What'more, because of new_len == old_len, so account old_len also is
> OK.
> 
> In summary, account old_len will be correct if do_munmap fail.

Sorry, but I'm having trouble following that description.  Dmitry, could
you please review this change and then assist in clarifying the
changelog text?

Also, could it be argued that we're doing this in the wrong place? 
Should it be the responsibility of do_munmap() to fix up the accounting
if it is going to return an error?  Rather than expecting the
do_munmap() caller to fix up do_munmap()'s mess?

Thirdly, is the comment in there true?  Does this accounting error only
occur due to ENOMEM?  If that is the case then I am inclined not to
backport this fix into -stable kernels, as the error is so unlikely to
be triggered.  Thoughts on this?