nommu: fix error handling in do_mmap_pgoff()

Fix the error handling in do_mmap_pgoff(). If do_mmap_shared_file() or do_mmap_private() fail, we jump to the error_put_region label at which point we cann __put_nommu_region() on the region - but we haven't yet added the region to the tree, and so __put_nommu_region() may BUG because the region tree is empty or it may corrupt the region tree. To get around this, we can afford to add the region to the region tree before calling do_mmap_shared_file() or do_mmap_private() as we keep nommu_region_sem write-locked, so no-one can race with us by seeing a transient region. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Pekka Enberg <penberg@cs.helsinki.fi> Acked-by: Paul Mundt <lethal@linux-sh.org> Cc: Mel Gorman <mel@csn.ul.ie> Acked-by: Greg Ungerer <gerg@snapgear.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

nommu: fix error handling in do_mmap_pgoff()
Fix the error handling in do_mmap_pgoff(). If do_mmap_shared_file() or do_mmap_private() fail, we jump to the error_put_region label at which point we cann __put_nommu_region() on the region - but we haven't yet added the region to the tree, and so __put_nommu_region() may BUG because the region tree is empty or it may corrupt the region tree. To get around this, we can afford to add the region to the region tree before calling do_mmap_shared_file() or do_mmap_private() as we keep nommu_region_sem write-locked, so no-one can race with us by seeing a transient region. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Pekka Enberg <penberg@cs.helsinki.fi> Acked-by: Paul Mundt <lethal@linux-sh.org> Cc: Mel Gorman <mel@csn.ul.ie> Acked-by: Greg Ungerer <gerg@snapgear.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells · Linus Torvalds
1 parent 4e49627b9b
Showing 1 changed file with 1 additions and 2 deletions Side-by-side Diff
mm/nommu.c
@@ -1352,6 +1352,7 @@
 	}
  
 	vma->vm_region = region;
+	add_nommu_region(region);
  
 	/* set up the mapping */
 	if (file && vma->vm_flags & VM_SHARED)
@@ -1360,8 +1361,6 @@
 		ret = do_mmap_private(vma, region, len);
 	if (ret < 0)
 		goto error_put_region;
-
-	add_nommu_region(region);
  
 	/* okay... we have a mapping; now we have to register it */
 	result = vma->vm_start;
...	...	@@ -1352,6 +1352,7 @@
1352	1352	}
1353	1353
1354	1354	vma->vm_region = region;
	1355	+ add_nommu_region(region);
1355	1356
1356	1357	/* set up the mapping */
1357	1358	if (file && vma->vm_flags & VM_SHARED)
...	...	@@ -1360,8 +1361,6 @@
1360	1361	ret = do_mmap_private(vma, region, len);
1361	1362	if (ret < 0)
1362	1363	goto error_put_region;
1363		-
1364		- add_nommu_region(region);
1365	1364
1366	1365	/* okay... we have a mapping; now we have to register it */
1367	1366	result = vma->vm_start;