exit_mmap() frees vmas without detaching them. This will become a problem when we introduce vma reuse. Ensure that vmas are always detached before being freed.

Signed-off-by: Suren Baghdasaryan <surenb@xxxxxxxxxx>
---
 kernel/fork.c | 4 ++++
 mm/vma.c | 10 ++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index 283909d082cb..f1ddfc7b3b48 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -473,6 +473,10 @@ struct vm_area_struct *vm_area_dup(struct vm_area_struct *orig)
 void __vm_area_free(struct vm_area_struct *vma)
 {
+#ifdef CONFIG_PER_VMA_LOCK
+	/* The vma should be detached while being destroyed. */
+	VM_BUG_ON_VMA(!is_vma_detached(vma), vma);
+#endif
 	vma_numab_state_free(vma);
 	free_anon_vma_name(vma);
 	kmem_cache_free(vm_area_cachep, vma);
diff --git a/mm/vma.c b/mm/vma.c
index fbd7254517d6..0436a7d21e01 100644
--- a/mm/vma.c
+++ b/mm/vma.c
@@ -413,9 +413,15 @@ void remove_vma(struct vm_area_struct *vma, bool unreachable)
 	if (vma->vm_file)
 		fput(vma->vm_file);
 	mpol_put(vma_policy(vma));
-	if (unreachable)
+	if (unreachable) {
+#ifdef CONFIG_PER_VMA_LOCK
+		if (!is_vma_detached(vma)) {
+			vma_start_write(vma);
+			vma_mark_detached(vma);
+		}
+#endif
 		__vm_area_free(vma);
-	else
+	} else
 		vm_area_free(vma);
-- 
2.47.1.613.gc27f4b7a9f-goog
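Review bot: The new comment in `__vm_area_free()`, `/* The vma should be detached while being destroyed. */`, states the invariant but not why it matters or who is responsible for it, and the only enforcement is `VM_BUG_ON_VMA()`, which is compiled out without CONFIG_DEBUG_VM, so a caller that frees a still-attached vma is silently accepted on production kernels. The commit message says the invariant only becomes load-bearing once vma reuse lands, and the comment should say so, so the next reader knows the check guards a future lockless lookup rather than a present bug: `/* Every caller must detach the vma first: once vmas are reused, a still-attached vma could be found by a lockless reader after it is freed. */`. If `vm_area_free()` also reaches this function (e.g. through a deferred RCU callback under CONFIG_PER_VMA_LOCK, which this hunk does not show), that path must satisfy the same assertion and is worth naming next to the check. The function's closing brace lies outside the hunk.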
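Review bot: In `remove_vma()` the `unreachable` branch is now braced but the `else` branch is not (`} else` followed by an unbraced `vm_area_free(vma);`); kernel coding style asks for braces on both branches when either needs them, so this should read `} else {` / `vm_area_free(vma);` / `}`. The new detach block also deserves a comment saying why it is conditional and why a write lock is taken: `vma_start_write()` presumably requires the mmap lock held for write, which holds for the exit_mmap() caller named in the commit message but is not asserted here, and `vma_mark_detached()` is skipped when the vma is already detached, e.g. `/* Unreachable vmas (exit_mmap) were never detached; do it under the vma write lock so __vm_area_free() sees a detached vma. */`. The function's closing brace lies outside the hunk.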