The patch titled
     mmu_notifiers destroyed by __mmu_notifier_release() retain extra mm_count
has been added to the -mm tree. Its filename is
     mmu_notifiers-destroyed-by-__mmu_notifier_release-retain-extra-mm_count.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this

The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/

------------------------------------------------------
Subject: mmu_notifiers destroyed by __mmu_notifier_release() retain extra mm_count
From: Robin Holt <holt@xxxxxxx>

An application relying upon mmu_notifier_release for teardown of the
mmu_notifiers will leak mm_structs. do_mmu_notifier_register increments
mm_count, but __mmu_notifier_release() does not decrement it.

I detected this while running a 2.6.27 kernel. It causes a denial of
service with OOM.

Signed-off-by: Robin Holt <holt@xxxxxxx>
Cc: <stable@xxxxxxxxxx> [2.6.27.x, 2.6.28.x]
Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
Cc: Nick Piggin <npiggin@xxxxxxx>
Cc: Christoph Lameter <cl@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>

--- mm/mmu_notifier.c | 1 + 1 file changed, 1 insertion(+) diff -puN mm/mmu_notifier.c~mmu_notifiers-destroyed-by-__mmu_notifier_release-retain-extra-mm_count mm/mmu_notifier.c --- a/mm/mmu_notifier.c~mmu_notifiers-destroyed-by-__mmu_notifier_release-retain-extra-mm_count +++ a/mm/mmu_notifier.c 
@@ -61,6 +61,7 @@ void __mmu_notifier_release(struct mm_st if (mn->ops->release) mn->ops->release(mn, mm); rcu_read_unlock(); + mmdrop(mm); /* matches do_mmu_notifier_register's inc */ spin_lock(&mm->mmu_notifier_mm->lock); } spin_unlock(&mm->mmu_notifier_mm->lock);
_

Patches currently in -mm which might be from holt@xxxxxxx are

origin.patch
mmu_notifiers-destroyed-by-__mmu_notifier_release-retain-extra-mm_count.patch
factor-out-ifdefs-from-kernel-spinlockc-to-lock_contended_flags.patch
allow-rwlocks-to-re-enable-interrupts.patch
ia64-implement-interrupt-enabling-rwlocks.patch
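
Review bot: the added mmdrop(mm) in __mmu_notifier_release() sits between rcu_read_unlock() and spin_lock(&mm->mmu_notifier_mm->lock), so mm is dereferenced on the very next line after a reference to it has been dropped, and the comment only names the increment it pairs with. Please extend the comment, or the changelog, to say which reference keeps mm and mm->mmu_notifier_mm valid for the rest of the loop and for the final spin_unlock(&mm->mmu_notifier_mm->lock), so a reader can confirm this drop can never be the last one. Since the drop runs once per loop iteration, it would also help to state that each notifier handled here took exactly one mm_count in do_mmu_notifier_register and that no other teardown path drops that same count again for a notifier released here; otherwise the fix for the leak described in the changelog could turn into an mm_count underflow.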