diff options
| author | KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> | 2009-10-26 16:49:58 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-11-09 16:52:13 -0800 |
| commit | ce25e35ebeaa56e566acbd1739a7c371ad5cd0c1 (patch) | |
| tree | b02700c6a3b2c95d3ebf60a6aa974e95af8ef20e /mm | |
| parent | 6e6276689ca89240c8faa575b64a36b356d7b8ab (diff) | |
mbind(): fix leak of never putback pages
commit ab8a3e14e6f8e567560f664bbd29aefb306a274e upstream.
If mbind() receives an invalid address, do_mbind leaks a page. The
following test program detects this leak.
This patch fixes it.
migrate_efault.c
=======================================
#include <numaif.h>
#include <numa.h>
#include <sys/mman.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
static unsigned long pagesize;
static void* make_hole_mapping(void)
{
void* addr;
addr = mmap(NULL, pagesize*3, PROT_READ|PROT_WRITE,
MAP_ANON|MAP_PRIVATE, 0, 0);
if (addr == MAP_FAILED)
return NULL;
/* make page populate */
memset(addr, 0, pagesize*3);
/* make memory hole */
munmap(addr+pagesize, pagesize);
return addr;
}
int main(int argc, char** argv)
{
void* addr;
int ch;
int node;
struct bitmask *nmask = numa_allocate_nodemask();
int err;
int node_set = 0;
while ((ch = getopt(argc, argv, "n:")) != -1){
switch (ch){
case 'n':
node = strtol(optarg, NULL, 0);
numa_bitmask_setbit(nmask, node);
node_set = 1;
break;
default:
;
}
}
argc -= optind;
argv += optind;
if (!node_set)
numa_bitmask_setbit(nmask, 0);
pagesize = getpagesize();
addr = make_hole_mapping();
err = mbind(addr, pagesize*3, MPOL_BIND, nmask->maskp, nmask->size, MPOL_MF_MOVE_ALL);
if (err)
perror("mbind ");
return 0;
}
=======================================
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'mm')
| -rw-r--r-- | mm/mempolicy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 83bea4f6f1ba..7acf81c87bb6 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -985,7 +985,8 @@ static long do_mbind(unsigned long start, unsigned long len, if (!err && nr_failed && (flags & MPOL_MF_STRICT)) err = -EIO; - } + } else + putback_lru_pages(&pagelist); up_write(&mm->mmap_sem); mpol_put(new); |