On Sat, Feb 08, 2020 at 08:35:26AM +0000, Li Xinhai wrote:
> In dup_mmap(), anon_vma_prepare() is called for a vma that has
> VM_WIPEONFORK, and parameter 'tmp' (i.e., the new vma of the child) has
> the same ->vm_next and ->vm_prev as its parent vma. That allows the
> anon_vma used by the parent to be mistakenly shared by the child
> (find_mergeable_anon_vma() will do this reuse work).
>
> Besides this issue, calling anon_vma_prepare() should be avoided because
> we don't copy pages for this vma. Preparing the anon_vma will be handled
> during fault.
>
> Fixes: d2cd9ede6e19 ("mm,fork: introduce MADV_WIPEONFORK")
> Signed-off-by: Li Xinhai <lixinhai.lxh@xxxxxxxxx>
> Cc: Rik van Riel <riel@xxxxxxxxxx>
> Cc: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>

Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

--
 Kirill A. Shutemov