kosaki.motohiro@xxxxxxxxx writes: > From: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx> > > commit cc9a6c8776 (cpuset: mm: reduce large amounts of memory barrier related > damage v3) introduced a memory corruption. > > shmem_alloc_page() passes pseudo vma and it has one significant unique > combination, vma->vm_ops=NULL and (vma->policy->flags & MPOL_F_SHARED). > > Now, get_vma_policy() does NOT increase a policy ref when vma->vm_ops=NULL > and mpol_cond_put() DOES decrease a policy ref when a policy has MPOL_F_SHARED. > Therefore, when cpuset race is happen and alloc_pages_vma() fall in > 'goto retry_cpuset' path, a policy refcount will be decreased too much and > therefore it will make memory corruption. > > This patch fixes it. Looks good. Acked-by: Andi Kleen <ak@xxxxxxxxxxxxxxx> -Andi -- ak@xxxxxxxxxxxxxxx -- Speaking for myself only -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>