2008-02-03 17:58:19

by Oleg Nesterov

Subject: [PATCH] mmap_region: cleanup, remove unneeded file != NULL check

mmap_region() checks "file != NULL" when we know "file && vma_merge() == T".
Also, swap these if/else branches, imho make the code a bit more readable.

Signed-off-by: Oleg Nesterov <[email protected]>

--- MM/mm/mmap.c~1_MMAP 2008-01-27 17:09:47.000000000 +0300
+++ MM/mm/mmap.c 2008-02-03 20:49:39.000000000 +0300
@@ -1189,22 +1189,20 @@ munmap_back:
if (vma_wants_writenotify(vma))
vma->vm_page_prot = vm_get_page_prot(vm_flags & ~VM_SHARED);

- if (!file || !vma_merge(mm, prev, addr, vma->vm_end,
+ if (file && vma_merge(mm, prev, addr, vma->vm_end,
vma->vm_flags, NULL, file, pgoff, vma_policy(vma))) {
+ mpol_free(vma_policy(vma));
+ kmem_cache_free(vm_area_cachep, vma);
+ if (correct_wcount)
+ atomic_inc(&inode->i_writecount);
+ fput(file);
+ } else {
file = vma->vm_file;
vma_link(mm, vma, prev, rb_link, rb_parent);
if (correct_wcount)
atomic_inc(&inode->i_writecount);
- } else {
- if (file) {
- if (correct_wcount)
- atomic_inc(&inode->i_writecount);
- fput(file);
- }
- mpol_free(vma_policy(vma));
- kmem_cache_free(vm_area_cachep, vma);
}
-out:
+out:
mm->total_vm += len >> PAGE_SHIFT;
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
if (vm_flags & VM_LOCKED) {
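
Review bot: the `if (correct_wcount) atomic_inc(&inode->i_writecount);` pair now sits in both the merged branch and the else branch, so it can be hoisted below the if/else as a single statement with a one-line comment saying why the count is incremented there. Hoisting puts the increment after `fput(file)` in the merged branch, so the changelog should state why `inode` is still valid at that point. Separately, the `-out:` / `+out:` pair shows no visible difference, which suggests a whitespace-only change; drop it from this cleanup or mention it in the changelog.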


2008-02-06 20:23:18

by Hugh Dickins

Subject: Re: [PATCH] mmap_region: cleanup, remove unneeded file != NULL check

On Sun, 3 Feb 2008, Oleg Nesterov wrote:

> mmap_region() checks "file != NULL" when we know "file && vma_merge() == T".
> Also, swap these if/else branches, imho make the code a bit more readable.
>
> Signed-off-by: Oleg Nesterov <[email protected]>

Acked-with-a-but-by: Hugh Dickins <[email protected]>

That's a great little improvement, Oleg: my difficulty in understanding
the patch is all due to the obscurity of the original you're improving.

But my but is this: you can go one step further, it's silly to be
repeating the "if (correct_wcount) atomic_inc..." in both the if
and the else clauses.

For several minutes I thought that must indicate we already had a
bug there. Eventually I realized not: we need deny_write_access()
above to test and deny atomically, then once we've merged or linked
the vma it's securely denying in the vma itself: so before returning
we need to undo our temporary denial. A brief comment might be
worthwhile, perhaps something like

	/* Once vma denies write, undo our temporary denial count */
	if (correct_wcount)
		atomic_inc(&inode->i_writecount);

Hugh

>
> --- MM/mm/mmap.c~1_MMAP 2008-01-27 17:09:47.000000000 +0300
> +++ MM/mm/mmap.c 2008-02-03 20:49:39.000000000 +0300
> @@ -1189,22 +1189,20 @@ munmap_back:
> if (vma_wants_writenotify(vma))
> vma->vm_page_prot = vm_get_page_prot(vm_flags & ~VM_SHARED);
>
> - if (!file || !vma_merge(mm, prev, addr, vma->vm_end,
> + if (file && vma_merge(mm, prev, addr, vma->vm_end,
> vma->vm_flags, NULL, file, pgoff, vma_policy(vma))) {
> + mpol_free(vma_policy(vma));
> + kmem_cache_free(vm_area_cachep, vma);
> + if (correct_wcount)
> + atomic_inc(&inode->i_writecount);
> + fput(file);
> + } else {
> file = vma->vm_file;
> vma_link(mm, vma, prev, rb_link, rb_parent);
> if (correct_wcount)
> atomic_inc(&inode->i_writecount);
> - } else {
> - if (file) {
> - if (correct_wcount)
> - atomic_inc(&inode->i_writecount);
> - fput(file);
> - }
> - mpol_free(vma_policy(vma));
> - kmem_cache_free(vm_area_cachep, vma);
> }
> -out:
> +out:
> mm->total_vm += len >> PAGE_SHIFT;
> vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
> if (vm_flags & VM_LOCKED) {
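
Review bot: in the merged branch `fput(file)` drops a reference, yet the unchanged context after `out:` still passes `file` to `vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT)`. The else branch reassigns `file = vma->vm_file` but the merged branch does not, so a short comment there saying that the vma we merged into still holds its own reference to the file would show the pointer is not stale when it is used below.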

2008-02-11 10:34:52

by Oleg Nesterov

Subject: Re: [PATCH] mmap_region: cleanup, remove unneeded file != NULL check

Sorry for delay,

On 02/06, Hugh Dickins wrote:
>
> On Sun, 3 Feb 2008, Oleg Nesterov wrote:
>
> > mmap_region() checks "file != NULL" when we know "file && vma_merge() == T".
> > Also, swap these if/else branches, imho make the code a bit more readable.
> >
> > Signed-off-by: Oleg Nesterov <[email protected]>
>
> Acked-with-a-but-by: Hugh Dickins <[email protected]>
>
> But my but is this: you can go one step further, it's silly to be
> repeating the "if (correct_wcount) atomic_inc..." in both the if
> and the else clauses.

Ah. Shame on me. Of course, I noticed these 2 correct_wcount's, but
didn't realize we can safely use "inode" after fput(). Not only the
caller should have a reference, vma_merge() requires that vm_file == file,
so fput(file) can't destroy the last reference.

> For several minutes I thought that must indicate we already had a
> bug there. Eventually I realized not: we need deny_write_access()
> above to test and deny atomically, then once we've merged or linked
> the vma it's securely denying in the vma itself: so before returning
> we need to undo our temporary denial. A brief comment might be
> worthwhile, perhaps something like
>
> 	/* Once vma denies write, undo our temporary denial count */
> 	if (correct_wcount)
> 		atomic_inc(&inode->i_writecount);

Thanks Hugh, I'll redo this cleanup.

Oleg.
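
The temporary-denial accounting discussed in this thread, as an added userspace model (not kernel code and not from either poster). The `model_*` names are hypothetical, a compare-and-swap loop stands in for the kernel's atomic test-and-deny, and the vma taking its own denial at link time is modelled as one extra decrement.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of inode->i_writecount: > 0 counts writers, < 0 counts denials. */
struct model_inode { atomic_int i_writecount; };

/* Test and deny in one atomic step; fails while any writer holds the file. */
static bool model_deny_write_access(struct model_inode *ino)
{
	int old = atomic_load(&ino->i_writecount);
	do {
		if (old > 0)
			return false;	/* the kernel reports -ETXTBSY */
	} while (!atomic_compare_exchange_weak(&ino->i_writecount, &old, old - 1));
	return true;
}

/* A writer's side: refused while any denial is outstanding. */
static bool model_get_write_access(struct model_inode *ino)
{
	int old = atomic_load(&ino->i_writecount);
	do {
		if (old < 0)
			return false;
	} while (!atomic_compare_exchange_weak(&ino->i_writecount, &old, old + 1));
	return true;
}

/* merged: an existing vma absorbed the range and already holds a denial. */
static bool model_map_denywrite(struct model_inode *ino, bool merged)
{
	bool correct_wcount = model_deny_write_access(ino);
	if (!correct_wcount)
		return false;
	if (!merged)	/* linking a new vma takes the vma's own denial */
		atomic_fetch_sub(&ino->i_writecount, 1);
	/* Once vma denies write, undo our temporary denial count */
	if (correct_wcount)
		atomic_fetch_add(&ino->i_writecount, 1);
	return true;
}

int main(void)
{
	struct model_inode ino = { 0 };	/* constructed sample: no writers */
	model_map_denywrite(&ino, false);
	printf("writecount=%d writer_allowed=%d\n",
	       atomic_load(&ino.i_writecount), model_get_write_access(&ino));
	return 0;
}
```

In both the linked and the merged case the count ends at the vma's own denial, which is why the increment is the same statement on either path.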