summaryrefslogtreecommitdiffstats
path: root/mm/mmap.c
diff options
context:
space:
mode:
authorAndrew Morton <akpm@linux-foundation.org>2022-12-10 04:31:11 +0100
committerAndrew Morton <akpm@linux-foundation.org>2022-12-10 04:31:11 +0100
commit3b91010500eba3601e906b0e92cf84fab4d895d1 (patch)
tree6724b9c611dc32115bb2e0d7a6f45d007830b2b8 /mm/mmap.c
parentmm/memory-failure.c: cleanup in unpoison_memory (diff)
parentmemcg: fix possible use-after-free in memcg_write_event_control() (diff)
downloadlinux-3b91010500eba3601e906b0e92cf84fab4d895d1.tar.xz
linux-3b91010500eba3601e906b0e92cf84fab4d895d1.zip
Merge branch 'mm-hotfixes-stable' into mm-stable
Diffstat (limited to 'mm/mmap.c')
-rw-r--r--mm/mmap.c14
1 files changed, 4 insertions, 10 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index 4624ff3ded29..1741273ac34c 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -226,8 +226,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
/* Search one past newbrk */
mas_set(&mas, newbrk);
brkvma = mas_find(&mas, oldbrk);
- BUG_ON(brkvma == NULL);
- if (brkvma->vm_start >= oldbrk)
+ if (!brkvma || brkvma->vm_start >= oldbrk)
goto out; /* mapping intersects with an existing non-brk vma. */
/*
* mm->brk must be protected by write mmap_lock.
@@ -2949,9 +2948,9 @@ static int do_brk_flags(struct ma_state *mas, struct vm_area_struct *vma,
* Expand the existing vma if possible; Note that singular lists do not
* occur after forking, so the expand will only happen on new VMAs.
*/
- if (vma &&
- (!vma->anon_vma || list_is_singular(&vma->anon_vma_chain)) &&
- ((vma->vm_flags & ~VM_SOFTDIRTY) == flags)) {
+ if (vma && vma->vm_end == addr && !vma_policy(vma) &&
+ can_vma_merge_after(vma, flags, NULL, NULL,
+ addr >> PAGE_SHIFT, NULL_VM_UFFD_CTX, NULL)) {
mas_set_range(mas, vma->vm_start, addr + len - 1);
if (mas_preallocate(mas, vma, GFP_KERNEL))
return -ENOMEM;
@@ -3038,11 +3037,6 @@ int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags)
goto munmap_failed;
vma = mas_prev(&mas, 0);
- if (!vma || vma->vm_end != addr || vma_policy(vma) ||
- !can_vma_merge_after(vma, flags, NULL, NULL,
- addr >> PAGE_SHIFT, NULL_VM_UFFD_CTX, NULL))
- vma = NULL;
-
ret = do_brk_flags(&mas, vma, addr, len, flags);
populate = ((mm->def_flags & VM_LOCKED) != 0);
mmap_write_unlock(mm);