diff options
author | Andrew Morton <akpm@linux-foundation.org> | 2022-12-10 04:31:11 +0100 |
---|---|---|
committer | Andrew Morton <akpm@linux-foundation.org> | 2022-12-10 04:31:11 +0100 |
commit | 3b91010500eba3601e906b0e92cf84fab4d895d1 (patch) | |
tree | 6724b9c611dc32115bb2e0d7a6f45d007830b2b8 /mm/mmap.c | |
parent | mm/memory-failure.c: cleanup in unpoison_memory (diff) | |
parent | memcg: fix possible use-after-free in memcg_write_event_control() (diff) | |
download | linux-3b91010500eba3601e906b0e92cf84fab4d895d1.tar.xz linux-3b91010500eba3601e906b0e92cf84fab4d895d1.zip |
Merge branch 'mm-hotfixes-stable' into mm-stable
Diffstat (limited to 'mm/mmap.c')
-rw-r--r-- | mm/mmap.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/mm/mmap.c b/mm/mmap.c index 4624ff3ded29..1741273ac34c 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -226,8 +226,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) /* Search one past newbrk */ mas_set(&mas, newbrk); brkvma = mas_find(&mas, oldbrk); - BUG_ON(brkvma == NULL); - if (brkvma->vm_start >= oldbrk) + if (!brkvma || brkvma->vm_start >= oldbrk) goto out; /* mapping intersects with an existing non-brk vma. */ /* * mm->brk must be protected by write mmap_lock. @@ -2949,9 +2948,9 @@ static int do_brk_flags(struct ma_state *mas, struct vm_area_struct *vma, * Expand the existing vma if possible; Note that singular lists do not * occur after forking, so the expand will only happen on new VMAs. */ - if (vma && - (!vma->anon_vma || list_is_singular(&vma->anon_vma_chain)) && - ((vma->vm_flags & ~VM_SOFTDIRTY) == flags)) { + if (vma && vma->vm_end == addr && !vma_policy(vma) && + can_vma_merge_after(vma, flags, NULL, NULL, + addr >> PAGE_SHIFT, NULL_VM_UFFD_CTX, NULL)) { mas_set_range(mas, vma->vm_start, addr + len - 1); if (mas_preallocate(mas, vma, GFP_KERNEL)) return -ENOMEM; @@ -3038,11 +3037,6 @@ int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags) goto munmap_failed; vma = mas_prev(&mas, 0); - if (!vma || vma->vm_end != addr || vma_policy(vma) || - !can_vma_merge_after(vma, flags, NULL, NULL, - addr >> PAGE_SHIFT, NULL_VM_UFFD_CTX, NULL)) - vma = NULL; - ret = do_brk_flags(&mas, vma, addr, len, flags); populate = ((mm->def_flags & VM_LOCKED) != 0); mmap_write_unlock(mm); |