On Wed, 15 Sep 2010, Andrea Arcangeli wrote:
> From: Andrea Arcangeli <aarcange@xxxxxxxxxx>
>
> If __split_vma fails because of an out of memory condition the
> anon_vma_chain isn't teardown and freed potentially leading to rmap
> walks accessing freed vma information plus there's a memleak.
>
> Signed-off-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>

Acked-by: Hugh Dickins <hughd@xxxxxxxxxx>

and I'm glad to see Andrew already added Cc: stable@xxxxxxxxxx

> --- > > diff --git a/mm/mmap.c b/mm/mmap.c > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -2014,6 +2014,7 @@ static int __split_vma(struct mm_struct > removed_exe_file_vma(mm); > fput(new->vm_file); > } > + unlink_anon_vmas(new); > out_free_mpol: > mpol_put(pol); > out_free_vma:
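Review bot: the added unlink_anon_vmas(new) sits above the out_free_mpol: label, so only the fall-through failure path runs it, and any goto out_free_mpol or goto out_free_vma skips it. The hunk does not show where new's anon_vma chain is set up, so please confirm that every jump to those two labels is taken before that point; otherwise the freed-vma access and the leak described in the changelog remain on those paths. A one-line comment above the call saying which earlier step it undoes would make the unwind order easier to audit.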