From patchwork Mon Nov 18 19:40:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Liam R. Howlett" X-Patchwork-Id: 13879014 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14130D591AD for ; Mon, 18 Nov 2024 19:41:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3F4336B0082; Mon, 18 Nov 2024 14:41:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 3A2D86B0085; Mon, 18 Nov 2024 14:41:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1F4F36B0088; Mon, 18 Nov 2024 14:41:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 052C56B0082 for ; Mon, 18 Nov 2024 14:41:29 -0500 (EST) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id A4034804F9 for ; Mon, 18 Nov 2024 19:41:29 +0000 (UTC) X-FDA: 82800234636.28.B0D4B9D Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by imf07.hostedemail.com (Postfix) with ESMTP id E12FF40015 for ; Mon, 18 Nov 2024 19:40:16 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b="K/JoWf1P"; dkim=pass header.d=oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b="wxEQ2C/1"; arc=pass ("microsoft.com:s=arcselector10001:i=1"); dmarc=pass (policy=reject) header.from=oracle.com; spf=pass (imf07.hostedemail.com: domain of liam.howlett@oracle.com designates 205.220.177.32 as permitted sender) smtp.mailfrom=liam.howlett@oracle.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1731958703; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=uHZb8Yvp8n2iUktolZgGWVt58BkKJtZRhofsnmQhk2Y=; b=s13g9g0A6/2cfyWOYy+r4dQnSWeiuio2lehXZFz2b2RrgKAZ5XKJfxU8ST/enSHBPGUx8N ZHvAw8zRs/t7b5Irgb0C9tXGAcdPY/bnDbi9OydF/kjykuq5fJyxNWAdePWnCgQVTROGP9 MeJsvY+uMu5pf2m73to201A9sSBXdT0= ARC-Authentication-Results: i=2; imf07.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b="K/JoWf1P"; dkim=pass header.d=oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b="wxEQ2C/1"; arc=pass ("microsoft.com:s=arcselector10001:i=1"); dmarc=pass (policy=reject) header.from=oracle.com; spf=pass (imf07.hostedemail.com: domain of liam.howlett@oracle.com designates 205.220.177.32 as permitted sender) smtp.mailfrom=liam.howlett@oracle.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1731958703; a=rsa-sha256; cv=pass; b=Wa6OvOjCoPcvQ5ZRWJa0bJutbEvRjnukcRPRkf04mjZ++mNZFJaAEptlGl9qQIpeSCHs5A e4VB0vJs686u0nqumV+CfLSTEFXMQtMT8qHVBQCy2RbfkffgQ6wkrbS7bHvMsZCdCwbRpu CfMj4EF2M5VwmCpe+aKwvTnvUTUTAmw= Received: from pps.filterd (m0246631.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4AIGU4C8005616; Mon, 18 Nov 2024 19:41:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=cc :content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=corp-2023-11-20; bh=uHZb8Yvp8n2iUkto lZgGWVt58BkKJtZRhofsnmQhk2Y=; b=K/JoWf1PEv4g4MZtLMxREyG1blZjV05A i3rcLFQvTxBv6ynMOsKoRE3Kpre6NtoCZ4AhFiihtzLHlpkUJbH8wVE8S0HpW0fZ mfTV4JCCh4FpZl9by4g8KsApg3Q3M1uyenC1lgCSJfWWY3kSkIkDZcRC9x8sqN1q HCp9ivzitBhG1iVZHEO11t7hGeRzhp+jMgIkFxtwWy9/oTOXTu9M4jQCywqJKMj4 54VhmKLIXb4CHt/WFOOEJjwel015KWpRpyu5saqrr8zZBFxyz+leveiDySu1kgE5 XG8SvXzlfEqjaPF3D7ykX0d0IVRos7YFww4UU+jVwB85sljMHCi1sQ== Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 42ynyr1y8w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 18 Nov 2024 19:41:23 +0000 (GMT) Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 4AIIG1tf037247; Mon, 18 Nov 2024 19:41:22 GMT Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2172.outbound.protection.outlook.com [104.47.59.172]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 42xhu7rhsx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 18 Nov 2024 19:41:22 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=laTrVO0HeMA7lftRuaYs0lhOZ0/D4AGdY6KoR5bqaDV0UCRKW1+Wef0FEI8J5LVKAzEXoF9kYty/eVIaNY/ezp1lB+lpbBdT1J93aHmMCZ3y5M246R1ps1GS5+10HtIXNYcpAOYoWoXZNU4YB8JMZovhkOecoc0FC0Vrw9WjDPSO/P/n8AEEm4EzfV7G/XDks0V28EH2Esr25qFI5N5kRooGMnfG4Ki+WkRWg2SOn3W31DRIbl77DoQxrVGisoAn3ep06yIHF+4MSfxmQ5E3zwS/9q6L+QLTZifKACsmkqBTEY1+nEsmss6W63MjFUIiIzAASxjJtefrFc4Lh0326g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uHZb8Yvp8n2iUktolZgGWVt58BkKJtZRhofsnmQhk2Y=; b=AL37BpU18Fypr4YNt9kR6v2LtRXLUm69li2JKD369QOns5CSE2XlrODuNOvnhFz6kAPbEtCFg1ChN8Wx/8w+vQPKUMe8FwfutW4vEbAY61hf4UvyzjzQoJZW/4HQrAfPPPV2JyGygF/UkHbGJ/cfwS0oLpQSaDuv8+hIElJOrZXyLnfJGFCROhbSsEr8gF4NqA1OIGnSQBpFCwF0BouMFks2XjjL3nbwqzPCEYJFbGkxVSWK6S2YrLjUjPhZpsl2FneJEY8WQmXKBaOHkTcna4J5MHajITKanTaEvfwPwsLB8KV29HFiZ648Lf2+jC9Hy+phIYx0A/4pSH/UKSvvew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uHZb8Yvp8n2iUktolZgGWVt58BkKJtZRhofsnmQhk2Y=; b=wxEQ2C/1ReqY/HyS2K7AicKbqkJK/wQf211iWQN76M577pcXTMZ1OSMpoEuRgM0etzx1vs8HhY5khVB/GMb4AYT6mmtMQUzqVzIlxIKLXROwLAXKBQqYRq9cLdlcU3G6QMw0xZ28wnnJHt8k9QlaMvIO0LMRMD+KC+Sh1A9RIFc= Received: from PH0PR10MB5777.namprd10.prod.outlook.com (2603:10b6:510:128::16) by BLAPR10MB5073.namprd10.prod.outlook.com (2603:10b6:208:307::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.24; Mon, 18 Nov 2024 19:41:19 +0000 Received: from PH0PR10MB5777.namprd10.prod.outlook.com ([fe80::75a8:21cc:f343:f68c]) by PH0PR10MB5777.namprd10.prod.outlook.com ([fe80::75a8:21cc:f343:f68c%6]) with mapi id 15.20.8158.021; Mon, 18 Nov 2024 19:41:19 +0000 From: "Liam R. Howlett" To: Andrew Morton Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Lorenzo Stoakes , Jann Horn , "Liam R. Howlett" , syzbot+bc6bfc25a68b7a020ee1@syzkaller.appspotmail.com, Vlastimil Babka , stable@vger.kernel.org Subject: [PATCH 6.12.y] mm/mmap: fix __mmap_region() error handling in rare merge failure case Date: Mon, 18 Nov 2024 14:40:48 -0500 Message-ID: <20241118194048.2355180-1-Liam.Howlett@oracle.com> X-Mailer: git-send-email 2.43.0 X-ClientProxiedBy: YT4P288CA0074.CANP288.PROD.OUTLOOK.COM (2603:10b6:b01:d0::7) To PH0PR10MB5777.namprd10.prod.outlook.com (2603:10b6:510:128::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH0PR10MB5777:EE_|BLAPR10MB5073:EE_ X-MS-Office365-Filtering-Correlation-Id: f3ec565d-89c6-4622-1524-08dd0808f923 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016; X-Microsoft-Antispam-Message-Info: j4dJ5lVjTpvKD6QPcvxs8Ko1wtidzD+a3IUrC3IHZTZiTnqSjjv7zbTFwjjEp+uqGIH0Zijz/IJeyvQafW+9GWt01l8KL5k/3eSxWyDyGkTIzU2vll7JqjRiPG7W0+UomNyWCjPVN3iO8gZphsaP7I2wW6dyxZMzCiqXB/Cv/H5Zf//wstL2V208kkrT34FVimyLNXuzcKjFxxAbm1ovQvaYK4bd8DgaLIRZ5fbM4GDMx8/yL1ITM3TQ9YLC8kW7/gw0ZHq4ZYvFf9WY6pUdeaaQKOypKoIYbtF2D52YASCTd6uPzYx1fos2Thh9kblcq/UYrIZVzoCYM4ACT3XT0XFRuHtYwBwM3KcO4YkUY9BgWm1AUFJUHGZCnVempL2DNcHizxxN0URiMdle7iNjMOqjpkBGt03ovyfx55mJD1/UkA97WXoM4nIQ5O4MKpxIfFsvF6ZmCbjMX+YiPOs9x3T4ZBioYp5/HmvuGE/WEGtggvZn/B4WzhRR5ThUMtoy86MM9waycr/NEeRGebq9D8PWcWH4UXqOwnon0BKxv4D2r8MByt5uLkVRWuRWGO85idxgZfmL+Le34FoIDkayhVyzeZWS/yEehLCY+AQTnG0sXB8f4tFh0U65HMtI2Gan5d8xVGfHI1cqVhcrA0o8fXtjtHLoiNXTv7ScdlsicCG80SsyHzsh5MPNwk7gINfu/0Cm6Nt6bH9W7DUV55+IqQaJQZq+W3adXbfxJN+eoSY+HdOVeyipXlNOnKZmF5XqhuJn4sfkLtxp4PCmuUrOkootWyiu301P2ipfTJ/4vTXvxWUC5otFgOaUCnlur5t0TLRvyEG5mTsneI8/fIw0gS9qFaDpnd7mmxA2/C90Rwue9CFP6KMYg3ta79f6W80PygiGRjnZz+Q+3ISQ7QSds44MjqMEfIf1dP8jSBSfnULTip1WPwlMO2hD/tAwQ4AG7xrEqxqBnzRobRqjdRpylaTDmG1T7V5vSG5phVcDiM+CpCjvO/65emhWTMvfaKX38YqcWmbhB+a4nVluLAwMl2qyFxfVMHK/zqz4tSmeKHnKtkH34TapD5yAoZlPfDl+fhiM1gTU1jNyLtakWv0HUGr5t5Vzuku1RbPyxJ0dosnda2YWJBudU4cehfONyHfkHzix5kPlZMYwPbMbzIWROQa4roQ38bPNnr5bcttVkO0SY42qEJGG9ztJJbPWKZYJMUIjOjE0zQ8TuYES1xOXjNCvSb0MNH9a6gt89aAviQ9KKrEOVV2LCnvln6QiWSSw X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR10MB5777.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: XkSNwYkv0Jh9MaTcaBn4Bk2Vtk+n2Z1dAN/w/ZM71D4v0iVZtQTE6Gnh1keoLmDesiZV7qLzoLckCtxPwMJk5p7tIprh4u1uKXdQRB0Vb8jT8YiwlOdoKmLqEQDeYL9awhH3MazzyhbWRIR9YEj5ZLh7rxjEgYkfsdOzC3VvcoZ4Q1wCvWBqOS4cahV1akuyqDONh2zGdK9841Gw6MmdFJCh9YM7+L0W27UND499kUfZ2pplwBw0E5m7ZNmikTrJUZRmbXoxH6nB6mjiMEO9XSr773btpwB0tPjPDV0MMz5nf6cF9EJcHQT9AErp7SHH/wwP58kSM+7Yz9nsnoCeSsXGsYnexsvbsPszDKltvMiMwgwz+r5uO+wbpf3vBo+Ud13VyeHU72NhR9yTAP5/SuR9oCLpld9yZdXtpgATRcWL30QWzi+cyb49+9iUE2WXgwUbMM463dPZMDkBV954cyebPgHnR0jgfBTBsntnKTxhUBWBlJnonRQ/dMqwbvRN2//4ZLceeEnhjz6CUOMn2qZFvJpZ5fEEXNqeC/9nKtG7PGzXEwJPdutxd6p2sjyKPeSODwXkkGSacmm5E2MWKpnBOu47ZhAwvB5vrNMvjR3FrCSJSpoaWQRCxFF6cQyQzK0Ky0yAEu8/a+kuv+zP813qHs9tL63uUyySsOZw417DWdho0xbO7OgiWnmqY2i1QvXXjisJ/hVQ7BCMU+MnP4Di9HGbO0RCVLRiwdfhbM4PTpAqBHtsKMVMG/qh2NskS5PXkCamCFDPWvCW9qhs+uhJkkKdlroLKZ8EqT4PRRgN+Bu3G20uLe1XBf+dp1nzPNZnrz4Kx03ltV8tSKAjp7jmAZP74ROK/JukBfhgBrCN1gROoumwmk483DnDNXPzl0eKbO4YZSfnnRxXcwccRGZZaTkbXK74nDpDqiyC+hyJbyrgYaPeiQs4AnqXVavPx9sesCD10T8RAKbF/a1ccPZaTn8GpYEaAzOVHTvnoA9VllL6IYjUeEQzyl1UvT+X1SlJ4uOh4zZtneEqWfIWFQcfIDszdBi5xvYfC0oWlXec3P+Mjg2wlhm30224k2mEoPXIozgIruMb9PWTinuYKB8fNLbIcQ+wd7w6cl0+ti+3GTYyuUA0Lo7EFoLZAaJ3Lp+q0fH3HmI+2mqBpaJJXcq2Wvms1vWoVO1H5Z4UcovI93YkKwZGSDRr3TawfeEoqFYtr+b986DiY2BXg9PDr6fcWAX1PLfw3Qe4/jfifgdHNzSKVfvi/nFBSctUEoVWMoVyYCMJlI/pmbCmVI7eGZ8+G7e1efuatYRNW2j5tncY5EeTJ7sr6hHRIxzZO1mDZFIAtJiulINk9D+DEjjN+I3TeYm9OAN0N0crNtXWeNiREkwBFYAeHN4z/ry/yc3L+dkcaqAmDpv3EwjJHZi/rpEyxypdxeDH+olC2Ux61OoPBxAXo7pt0Sl8aEjE0UXaNh14mERxhsoJ/8g117MFJBfa2n8VayBhGP5L0sp0UtF3IHw0XKHaV4ThRMkyfi1YnkClM+8QjVntAKP45BmIHesP1RPoBHgz+PrrDpOgBtprkZrNoiKWSRJC/p3qZD7+ X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: dRpc8boVzLlrWjT8Pz4gcYpeJKkmup2/m9PSPz7htKphwIOzEhU2JzV2z5K68ySasQLuaNFMHZ7I1MsjTS8eT26y3mEeXS6mOO+r6Cenj4/iQgD2vM8e6WUALlyMYVMIxNxKKBpeOdk844YfKjXCdWBY1uyuSLMP1JcfSCoOLh9pzSJXy6L+9Y61jQD5omuEjI2CSvRujlQw0avLq/0hLlkQ6J777HR+OmY/ywcKMt5rIIj7lGCJXvrzm9PI3mP5+FuZxvlygYA2MbDOrfwUgYU5qKkbZWyCLV2g4AhbEchHtqEEMYqQqWT8J+j8ZuPeCqD86J5hjgxKi4Qa4955sCS9z/LgGWB0NezkGGMMJm7K63bW4HpeXrmh8weaCeOLNn8GrM1kqZaBXYBLbvtX06fsh/GKvLkczRTlpgsYPPMSKiqzBdyUwPAyJkppUWndYysWhrz/XCg4lWxHmLCZNCXUOalYQ8w+nF7+DhlCKN82kZ/orddd9v6tlXSeNW9ZH9A4DYrgy1FqY3gjTymR2A1xcjD4rErmnASxUnJoH0APKd5QuacYOfvfijV/Gvq1qFNnOHlSJXx+e3QHd7xzbIJ74f15KzWE6WBVShJxKG8= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: f3ec565d-89c6-4622-1524-08dd0808f923 X-MS-Exchange-CrossTenant-AuthSource: PH0PR10MB5777.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Nov 2024 19:41:19.0975 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: e7yMb9NRUzQ6G6WYHlRqlUKN9t/L45eQBV7+XIxCTxK956OiY7gxaj5PF17xL818ckaCiEXU3ZcQun2cz1Y+vg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLAPR10MB5073 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-11-18_15,2024-11-18_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 spamscore=0 adultscore=0 suspectscore=0 mlxlogscore=999 phishscore=0 malwarescore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2409260000 definitions=main-2411180162 X-Proofpoint-ORIG-GUID: 1M4v3zPBqjpDm-p2bdWW4z0afv39f4-y X-Proofpoint-GUID: 1M4v3zPBqjpDm-p2bdWW4z0afv39f4-y X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: E12FF40015 X-Stat-Signature: xdk7n9b77eqz84njfp8yp5grfe68sojd X-Rspam-User: X-HE-Tag: 1731958816-443746 X-HE-Meta: U2FsdGVkX19PFi+5FBbKVrMo3cvw9hlGLkWN5hhYsVv7g7Y0oeuzOReHpCIfU4E57CgGyhD+5reCiX4dcPpQCFdIUpjL+YX+dEp5ZSiBb30n8mhu6fqIhKV7GTY9qj2ZFM8UW4L91lww/DKsA/XOMvd8lqFibj+AUxbeSC9CdkjHc5Hy6sKuVQkuS1k2CB2c6nc2nI814G8EdfaViiq5x7xP1P0EmOVu1FClUngatSeU2rs4Z9LbinvAifKMi5EOpkGaY6AYjEdymbtWThr94AxE3KwrTx5DKDuCYuD1dBd82PJ17yI6CcXg4M5MPoNWf8uzSwBXn40RejNKY0cYkcvScdyEIGLAGdmWXNpAp9er3ECoH9oNEg3USuXcFM3YgSG/npVDqptQ417vK7U4zI/HBk4bBKX0tbK/W4pXGuQ9Ecnr0m0nI3Ogd9ezqt1nVPdPrwnyulks80PiN1IouI+Zd/QMU6+JC+jhXjdI0r6+ng5/0OK5Jm0cHBmB8ZwL5TUZIRELFp7L1HMCLQztYM3DBaETbPjFE+O0MG9YiUoDHmRaVaNh3j8f1wmPO7k3BR0auB2+PTT5tsFzm+CaNCIaU4RYPSS4cUOBDj21f6WxkEyXXXGjCrkpBq9rZVmgG/hzSEdx4YuluThg80YkBngn9edxijNDRiScZxfsNXK+3vjop0lunc/NfsNnIJPRtiS4sBeyzFxMNEiszoCKaLrkmekylEKBSHitKThQ1FF5jkmlvv9TTR+JYatWwaCg4OtYMoVTrwSOyiuDJoSKzJlk4IsY1Pbha/ryn6doNNX9z1toBT0kXGc3jcBqDDDgcIV1YExMQ2vg0RW/kd8yU1OveaSNRLHuADPlJRBU2zCEcIY8WqHV63HrbItCkJFL9cwi55BoiqykLaOdNbupkOg7+woWPEx0iqulhRJ7zBOZAI0qZ+52zR2qbio1NImxGXiOBtA4NDXRmwL4OV2 nT/zmsIe hYBBoXl/vySwwVQ562CkrpBL2y37GeSXPonKgnHdyejoEj45vhYfXrRbOhShCR7mFZv7XLk9HQFNi8lrKoCedvrn4cW1H2bP5B1QhD6wNOZsNcwgjHryQ5K55/7aZK/lLaVqPjWlTI14GMfufJEgUAa1jZUpxTQIDWphp5CsH870nA3E8VFpKca6n0CJ2cvg/ylvKKUJltASqE91EkOxaOPMh21d9i1lA3Pjo3fweBzARVtAaCB9L4WcKOiKc7O3Qil97cbdmlmLRDL4Y2OfKJjnJLnd9A7bkk1Q4sgnOKc4LPIdI4ov//3VvnrmgGlVmhKNPk811btodnuDlB81YyW9OYwdeErt4UiSHpkzfUA3ahugCbE2vjcdQkyDMvIukz0Z/w8NDu+kw0/mnIVyUghheYBZMLlfILEPt4tmd2Q7I9LEc/cf4jiT0pIKONltcUF32jkBUgqwPR59XxAFiX17QunCoU/tVVodUB6cEFgkQ8lZO7ba1oyWZQo1Jin3NVUih8YKc2A/qxDcS0xyxDI0lQh4FVC8RIiKzO8Hhm397orq3kuI3/NNCemRpnwHOPEl59Vd6oZMlsQcRfJML9BTPvwijoPJPZGE4F1ICItKKuJpJh6GY4vkxMmPXg4VedcaGoubg2gneKXhXKOmHhb1r27XCI2shmNIvku6lDAEpg6yWYcGkDf+MNARrTWmVZjo5HC3P4auvQLn/0+YKdoBEGau97r2Emlv5Jne/C4mw7t2CyNfQHdYMIkmg7IpSHi8JIUemrz0oYkAsRzUbPTYuO8N3XP861bRbJ1U4meHNIDCbkHn/hw3LmiLz+COZaRtdkFg34ap8oCZz+db3NyDZyCr1/0cBneSEvIJuIMsd7OA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: "Liam R. Howlett" The mmap_region() function tries to install a new vma, which requires a pre-allocation for the maple tree write due to the complex locking scenarios involved. Recent efforts to simplify the error recovery required the relocation of the preallocation of the maple tree nodes (via vma_iter_prealloc() calling mas_preallocate()) higher in the function. The relocation of the preallocation meant that, if there was a file associated with the vma and the driver call (mmap_file()) modified the vma flags, then a new merge of the new vma with existing vmas is attempted. During the attempt to merge the existing vma with the new vma, the vma iterator is used - the same iterator that would be used for the next write attempt to the tree. In the event of needing a further allocation and if the new allocations fails, the vma iterator (and contained maple state) will cleaned up, including freeing all previous allocations and will be reset internally. Upon returning to the __mmap_region() function, the error reason is lost and the function sets the vma iterator limits, and then tries to continue to store the new vma using vma_iter_store() - which expects preallocated nodes. A preallocation should be performed in case the allocations were lost during the failure scenario - there is no risk of over allocating. The range is already set in the vma_iter_store() call below, so it is not necessary. Reported-by: syzbot+bc6bfc25a68b7a020ee1@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/x/log.txt?x=17b0ace8580000 Fixes: 5de195060b2e2 ("mm: resolve faulty mmap_region() error path behaviour") Signed-off-by: Liam R. Howlett Cc: Lorenzo Stoakes Cc: Vlastimil Babka Cc: Jann Horn Cc: --- mm/mmap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/mmap.c b/mm/mmap.c index 79d541f1502b2..5cef9a1981f1b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1491,7 +1491,10 @@ static unsigned long __mmap_region(struct file *file, unsigned long addr, vm_flags = vma->vm_flags; goto file_expanded; } - vma_iter_config(&vmi, addr, end); + if (vma_iter_prealloc(&vmi, vma)) { + error = -ENOMEM; + goto unmap_and_free_file_vma; + } } vm_flags = vma->vm_flags;