The patch titled
     Subject: kernel/fork: detect mas_store() failure in dup_mmap()
has been added to the -mm mm-unstable branch.  Its filename is
     kernel-fork-use-maple-tree-for-dup_mmap-during-forking-fix.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/kernel-fork-use-maple-tree-for-dup_mmap-during-forking-fix.patch

This patch will later appear in the mm-unstable branch at
     git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Liam Howlett <liam.howlett@xxxxxxxxxx>
Subject: kernel/fork: detect mas_store() failure in dup_mmap()
Date: Fri, 22 Jul 2022 16:06:03 +0000

mas_store() should not fail, but protect against potential failures by
checking the maple state for mas_is_err().

Link: https://lkml.kernel.org/r/20220722160546.1478722-3-Liam.Howlett@xxxxxxxxxx
Fixes: 57579b57de57 (kernel/fork: use maple tree for dup_mmap() during forking)
Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
Cc: Yu Zhao <yuzhao@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 kernel/fork.c | 5 +++++
 1 file changed, 5 insertions(+)

--- a/kernel/fork.c~kernel-fork-use-maple-tree-for-dup_mmap-during-forking-fix +++ a/kernel/fork.c
@@ -709,6 +709,8 @@ static __latent_entropy int dup_mmap(str mas.index = tmp->vm_start; mas.last = tmp->vm_end - 1; mas_store(&mas, tmp); + if (mas_is_err(&mas)) + goto fail_nomem_mas_store; mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) @@ -732,6 +734,9 @@ out: fail_uprobe_end: uprobe_end_dup_mmap(); return retval; + +fail_nomem_mas_store: + unlink_anon_vmas(tmp); fail_nomem_anon_vma_fork: mpol_put(vma_policy(tmp)); fail_nomem_policy: _ Patches currently in -mm which might be from liam.howlett@xxxxxxxxxx are android-binder-fix-lockdep-check-on-clearing-vma.patch maple-tree-add-new-data-structure-fix.patch kernel-fork-use-maple-tree-for-dup_mmap-during-forking-fix.patch mm-mlock-drop-dead-code-in-count_mm_mlocked_page_nr.patch
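
Review bot: The error held in the maple state is tested but never read in the first hunk (@@ -709,6 +709,8 @@): `if (mas_is_err(&mas)) goto fail_nomem_mas_store;` sends every failure of `mas_store(&mas, tmp);` down a path named for out-of-memory. If -ENOMEM is the only error the store can leave in the state here, a one-line comment above the check should say so, along with the commit message's point that the store is not expected to fail; otherwise the return value should be taken from the maple state before the jump.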
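
Review bot: The cleanup under the new fail_nomem_mas_store label in the second hunk (@@ -732,6 +734,9 @@) undoes only the anon_vma linkage, via `unlink_anon_vmas(tmp);`, before falling through into fail_nomem_anon_vma_fork. That is sufficient only if the anon_vma step is the last thing done to tmp before `mas_store(&mas, tmp);` in the first hunk, so please confirm that nothing else set up on tmp between those two points (anything that takes a reference or links tmp into another structure) needs its own undo on this path. A short comment marking the fall-through as intentional would also help, since the label sits directly above fail_nomem_anon_vma_fork with no statement separating the two unwind stages.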