commit 1c5ad84516ae7ea4ec868436a910a6bd8d20215a · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[PATCH] fix VmSize and VmData after mremap

mremap's move_vma is applying __vm_stat_account to the old vma which may
have already been freed: move it to just before the do_munmap.

mremapping to and fro with CONFIG_DEBUG_SLAB=y showed /proc/<pid>/status
VmSize and VmData wrapping just like in kernel bugzilla #4842, and fixed by
this patch - worth including in 2.6.13, though not yet confirmed that it
fixes that specific report from Frank van Maarseveen.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Hugh Dickins and committed by Linus Torvalds 20 years ago 1c5ad845 e234f35c

+1 -1

1 changed file

expand all

unified split

mremap.c

+1 -1

mm/mremap.c

··· 229 * since do_munmap() will decrement it by old_len == new_len 230 */ 231 mm->total_vm += new_len >> PAGE_SHIFT; 232 233 if (do_munmap(mm, old_addr, old_len) < 0) { 234 /* OOM: unable to split vma, just get accounts right */ ··· 244 vma->vm_next->vm_flags |= VM_ACCOUNT; 245 } 246 247 - __vm_stat_account(mm, vma->vm_flags, vma->vm_file, new_len>>PAGE_SHIFT); 248 if (vm_flags & VM_LOCKED) { 249 mm->locked_vm += new_len >> PAGE_SHIFT; 250 if (new_len > old_len)

··· 229 * since do_munmap() will decrement it by old_len == new_len 230 */ 231 mm->total_vm += new_len >> PAGE_SHIFT; 232 + __vm_stat_account(mm, vma->vm_flags, vma->vm_file, new_len>>PAGE_SHIFT); 233 234 if (do_munmap(mm, old_addr, old_len) < 0) { 235 /* OOM: unable to split vma, just get accounts right */ ··· 243 vma->vm_next->vm_flags |= VM_ACCOUNT; 244 } 245 246 if (vm_flags & VM_LOCKED) { 247 mm->locked_vm += new_len >> PAGE_SHIFT; 248 if (new_len > old_len)