@@ -605,7 +605,7 @@ static inline void vma_complete(struct vma_prepare *vp,
/*
* In mprotect's case 6 (see comments on vma_merge),
- * we must remove the one after next as well.
+ * we are removing both mid and next vma's
*/
if (vp->remove2) {
vp->remove = vp->remove2;
@@ -948,13 +948,14 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
/* Can we merge both the predecessor and the successor? */
if (merge_prev && merge_next &&
is_mergeable_anon_vma(prev->anon_vma, next->anon_vma, NULL)) {
- remove = mid; /* case 1 */
+ remove = next; /* case 1 */
vma_end = next->vm_end;
- err = dup_anon_vma(prev, mid);
+ err = dup_anon_vma(prev, next);
if (mid != next) { /* case 6 */
+ remove = mid;
remove2 = next;
- if (!mid->anon_vma)
- err = dup_anon_vma(prev, next);
+ if (!next->anon_vma)
+ err = dup_anon_vma(prev, mid);
}
} else if (merge_prev) {
err = 0; /* case 2 */
Case 1 is now shown in the comment as next vma being merged with prev, so use 'next' instead of 'mid'. In case 1 they both point to the same vma. As a consequence, in case 6, the dup_anon_vma() is now tried first on 'next' and then on 'mid', before it was the opposite order. This is not a functional change, as those two vma's cannnot have a different anon_vma, as that would have prevented the merging in the first place. Signed-off-by: Vlastimil Babka <vbabka@suse.cz> --- mm/mmap.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-)