On Mon, Oct 28, 2024 at 09:12:05PM -0700, Andrew Morton wrote:
>
> The patch titled
>      Subject: mm/mlock: set the correct prev on failure
> has been added to the -mm mm-unstable branch.  Its filename is
>      mm-mlock-set-the-correct-prev-on-failure.patch

Hi Andrew,

This patch needs to be applied as a hotfix as it fixes a bug in released kernels.

Thanks!

>
> This patch will shortly appear at
>      https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-mlock-set-the-correct-prev-on-failure.patch
>
> This patch will later appear in the mm-unstable branch at
>     git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
>
> Before you just go and hit "reply", please:
>    a) Consider who else should be cc'ed
>    b) Prefer to cc a suitable mailing list as well
>    c) Ideally: find the original patch on the mailing list and do a
>       reply-to-all to that, adding suitable additional cc's
>
> *** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
>
> The -mm tree is included into linux-next via the mm-everything
> branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
> and is updated there every 2-3 working days
>
> ------------------------------------------------------
> From: Wei Yang <richard.weiyang@xxxxxxxxx>
> Subject: mm/mlock: set the correct prev on failure
> Date: Sun, 27 Oct 2024 12:33:21 +0000
>
> After commit 94d7d9233951 ("mm: abstract the vma_merge()/split_vma()
> pattern for mprotect() et al."), if vma_modify_flags() return error, the
> vma is set to an error code. This will lead to an invalid prev be
> returned.
>
> Generally this shouldn't matter as the caller should treat an error as
> indicating state is now invalidated, however unfortunately
> apply_mlockall_flags() does not check for errors and assumes that
> mlock_fixup() correctly maintains prev even if an error were to occur.
>
> This patch fixes that assumption.
>
> [lorenzo.stoakes@xxxxxxxxxx: provide a better fix and rephrase the log]
> Link: https://lkml.kernel.org/r/20241027123321.19511-1-richard.weiyang@xxxxxxxxx
> Fixes: 94d7d9233951 ("mm: abstract the vma_merge()/split_vma() pattern for mprotect() et al.")
> Signed-off-by: Wei Yang <richard.weiyang@xxxxxxxxx>
> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@xxxxxxxxxx>
> Reviewed-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
> Cc: Vlastimil Babka <vbabka@xxxxxxx>
> Cc: Jann Horn <jannh@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> ---
>
> mm/mlock.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> --- a/mm/mlock.c~mm-mlock-set-the-correct-prev-on-failure > +++ a/mm/mlock.c
> @@ -725,14 +725,17 @@ static int apply_mlockall_flags(int flag > } > > for_each_vma(vmi, vma) { > + int error; > vm_flags_t newflags; > > newflags = vma->vm_flags & ~VM_LOCKED_MASK; > newflags |= to_add; > > - /* Ignore errors */ > - mlock_fixup(&vmi, vma, &prev, vma->vm_start, vma->vm_end, > - newflags); > + error = mlock_fixup(&vmi, vma, &prev, vma->vm_start, vma->vm_end, > + newflags); > + /* Ignore errors, but prev needs fixing up. */ > + if (error) > + prev = vma; > cond_resched(); > } > out: > _ > > Patches currently in -mm which might be from richard.weiyang@xxxxxxxxx are > > maple_tree-i-is-always-less-than-or-equal-to-mas_end.patch > maple_tree-goto-complete-directly-on-a-pivot-of-0.patch > maple_tree-remove-maple_big_nodeparent.patch > maple_tree-memset-maple_big_node-as-a-whole.patch > maple_tree-root-node-could-be-handled-by-p_slot-too.patch > maple_tree-clear-request_count-for-new-allocated-one.patch > maple_tree-total-is-not-changed-for-nomem_one-case.patch > maple_tree-simplify-mas_push_node.patch > maple_tree-calculate-new_end-when-needed.patch > maple_tree-remove-sanity-check-from-mas_wr_slot_store.patch > mm-vma-the-pgoff-is-correct-if-can_merge_right.patch > mm-mlock-set-the-correct-prev-on-failure.patch >
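
Review bot: In the apply_mlockall_flags() loop, the new comment "Ignore errors, but prev needs fixing up." does not say why prev is wrong after a failure. Per the commit log, a failing vma_modify_flags() leaves an error code where the vma was, so mlock_fixup() can hand back an invalid prev; stating that in the comment would keep the "if (error) prev = vma;" reset from later being removed as redundant. The error itself is still discarded, so a failed mlock_fixup() on one VMA stays invisible to whoever calls apply_mlockall_flags(); if that is intended, the comment could say so as well. It may also be worth considering whether prev should be kept valid inside mlock_fixup() on its error path, so that the repair does not depend on each call site remembering to do it.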