The following commit has been merged in the linux branch: commit ab8a3e14e6f8e567560f664bbd29aefb306a274e Author: KOSAKI Motohiro kosaki.motohiro@jp.fujitsu.com Date: Mon Oct 26 16:49:58 2009 -0700
mbind(): fix leak of never putback pages
If mbind() receives an invalid address, do_mbind leaks a page. The following test program detects this leak.
This patch fixes it.
migrate_efault.c ======================================= #include <numaif.h> #include <numa.h> #include <sys/mman.h> #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <string.h>
static unsigned long pagesize;
static void* make_hole_mapping(void) {
void* addr;
addr = mmap(NULL, pagesize*3, PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, 0, 0); if (addr == MAP_FAILED) return NULL;
/* make page populate */ memset(addr, 0, pagesize*3);
/* make memory hole */ munmap(addr+pagesize, pagesize);
return addr; }
int main(int argc, char** argv) { void* addr; int ch; int node; struct bitmask *nmask = numa_allocate_nodemask(); int err; int node_set = 0;
while ((ch = getopt(argc, argv, "n:")) != -1){ switch (ch){ case 'n': node = strtol(optarg, NULL, 0); numa_bitmask_setbit(nmask, node); node_set = 1; break; default: ; } } argc -= optind; argv += optind;
if (!node_set) numa_bitmask_setbit(nmask, 0);
pagesize = getpagesize();
addr = make_hole_mapping();
err = mbind(addr, pagesize*3, MPOL_BIND, nmask->maskp, nmask->size, MPOL_MF_MOVE_ALL); if (err) perror("mbind ");
return 0; } =======================================
Signed-off-by: KOSAKI Motohiro kosaki.motohiro@jp.fujitsu.com Acked-by: Christoph Lameter cl@linux-foundation.org Cc: stable@kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 7dd9d9f..d49956d 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1058,7 +1058,8 @@ static long do_mbind(unsigned long start, unsigned long len,
if (!err && nr_failed && (flags & MPOL_MF_STRICT)) err = -EIO; - } + } else + putback_lru_pages(&pagelist);
up_write(&mm->mmap_sem); mpol_put(new);