Message ID | 20230929183041.2835469-4-Liam.Howlett@oracle.com (mailing list archive) |
---|---|
State | New |
Series | Fixes for vma_merge() error path |
On Fri, Sep 29, 2023 at 02:30:41PM -0400, Liam R. Howlett wrote: > When tracing through the code in vma_merge(), it was not completely > clear why the error return to a dup_anon_vma() call would not overwrite > a previous attempt to the same function. This commit adds a comment > specifying why it is safe. > > Suggested-by: Jann Horn <jannh@google.com> > Link: https://lore.kernel.org/linux-mm/CAG48ez3iDwFPR=Ed1BfrNuyUJPMK_=StjxhUsCkL6po1s7bONg@mail.gmail.com/ > Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> > --- > mm/mmap.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/mm/mmap.c b/mm/mmap.c > index f9f0a5fe4db4..9967acbd070f 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -943,6 +943,11 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, > vma_start_write(curr); > remove = curr; > remove2 = next; > + /* > + * Note that the dup_anon_vma below cannot overwrite err > + * since the first caller would do nothing unless next > + * has an anon_vma. > + */ > if (!next->anon_vma) > err = dup_anon_vma(prev, curr, &anon_dup); > } > -- > 2.40.1 > Nice comment! It causes me to sick up a bit in my mouth that this is a thing, but it's good to have it documented. Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com>
On 9/29/23 20:30, Liam R. Howlett wrote: > When tracing through the code in vma_merge(), it was not completely > clear why the error return to a dup_anon_vma() call would not overwrite > a previous attempt to the same function. This commit adds a comment > specifying why it is safe. > > Suggested-by: Jann Horn <jannh@google.com> > Link: https://lore.kernel.org/linux-mm/CAG48ez3iDwFPR=Ed1BfrNuyUJPMK_=StjxhUsCkL6po1s7bONg@mail.gmail.com/ > Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> > --- > mm/mmap.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/mm/mmap.c b/mm/mmap.c > index f9f0a5fe4db4..9967acbd070f 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -943,6 +943,11 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, > vma_start_write(curr); > remove = curr; > remove2 = next; > + /* > + * Note that the dup_anon_vma below cannot overwrite err > + * since the first caller would do nothing unless next > + * has an anon_vma. > + */ > if (!next->anon_vma) > err = dup_anon_vma(prev, curr, &anon_dup); > }
diff --git a/mm/mmap.c b/mm/mmap.c index f9f0a5fe4db4..9967acbd070f 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -943,6 +943,11 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, vma_start_write(curr); remove = curr; remove2 = next; + /* + * Note that the dup_anon_vma below cannot overwrite err + * since the first caller would do nothing unless next + * has an anon_vma. + */ if (!next->anon_vma) err = dup_anon_vma(prev, curr, &anon_dup); }
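Review bot: In the added comment above `if (!next->anon_vma)`, "the first caller" is ambiguous: it reads like a caller of vma_merge(), while the commit message shows it means the earlier dup_anon_vma() call, which sits outside this hunk. Suggest "the first call" and stating the invariant in terms of the guard that is visible here: per the comment, the earlier call does nothing unless next has an anon_vma, and this call runs only when `!next->anon_vma`, so at most one of the two can assign a non-trivial result to err. Since the safety argument depends on that guard staying in place, it would help to say so explicitly, so that a later change to the condition prompts a re-check of the err handling. Minor style point: write `dup_anon_vma()` with parentheses in the comment, as the commit message does.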
When tracing through the code in vma_merge(), it was not completely clear why the error return to a dup_anon_vma() call would not overwrite a previous attempt to the same function. This commit adds a comment specifying why it is safe. Suggested-by: Jann Horn <jannh@google.com> Link: https://lore.kernel.org/linux-mm/CAG48ez3iDwFPR=Ed1BfrNuyUJPMK_=StjxhUsCkL6po1s7bONg@mail.gmail.com/ Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> --- mm/mmap.c | 5 +++++ 1 file changed, 5 insertions(+)