When tracing through the code in vma_merge(), it was not completely
clear why the error return to a dup_anon_vma() call would not overwrite
a previous attempt to the same function. This commit adds a comment
specifying why it is safe.
Suggested-by: Jann Horn <[email protected]>
Link: https://lore.kernel.org/linux-mm/CAG48ez3iDwFPR=Ed1BfrNuyUJPMK_=StjxhUsCkL6po1s7bONg@mail.gmail.com/
Signed-off-by: Liam R. Howlett <[email protected]>
---
mm/mmap.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/mm/mmap.c b/mm/mmap.c
index f9f0a5fe4db4..9967acbd070f 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -943,6 +943,11 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
vma_start_write(curr);
remove = curr;
remove2 = next;
+ /*
+ * Note that the dup_anon_vma below cannot overwrite err
+ * since the first caller would do nothing unless next
+ * has an anon_vma.
+ */
if (!next->anon_vma)
err = dup_anon_vma(prev, curr, &anon_dup);
}
--
2.40.1
On Fri, Sep 29, 2023 at 02:30:41PM -0400, Liam R. Howlett wrote:
> When tracing through the code in vma_merge(), it was not completely
> clear why the error return to a dup_anon_vma() call would not overwrite
> a previous attempt to the same function. This commit adds a comment
> specifying why it is safe.
>
> Suggested-by: Jann Horn <[email protected]>
> Link: https://lore.kernel.org/linux-mm/CAG48ez3iDwFPR=Ed1BfrNuyUJPMK_=StjxhUsCkL6po1s7bONg@mail.gmail.com/
> Signed-off-by: Liam R. Howlett <[email protected]>
> ---
> mm/mmap.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/mm/mmap.c b/mm/mmap.c
> index f9f0a5fe4db4..9967acbd070f 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -943,6 +943,11 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
> vma_start_write(curr);
> remove = curr;
> remove2 = next;
> + /*
> + * Note that the dup_anon_vma below cannot overwrite err
> + * since the first caller would do nothing unless next
> + * has an anon_vma.
> + */
> if (!next->anon_vma)
> err = dup_anon_vma(prev, curr, &anon_dup);
> }
> --
> 2.40.1
>
Nice comment! It causes me to sick up a bit in my mouth that this is a thing,
but it's good to have it documented.
Reviewed-by: Lorenzo Stoakes <[email protected]>
On 9/29/23 20:30, Liam R. Howlett wrote:
> When tracing through the code in vma_merge(), it was not completely
> clear why the error return to a dup_anon_vma() call would not overwrite
> a previous attempt to the same function. This commit adds a comment
> specifying why it is safe.
>
> Suggested-by: Jann Horn <[email protected]>
> Link: https://lore.kernel.org/linux-mm/CAG48ez3iDwFPR=Ed1BfrNuyUJPMK_=StjxhUsCkL6po1s7bONg@mail.gmail.com/
> Signed-off-by: Liam R. Howlett <[email protected]>
Acked-by: Vlastimil Babka <[email protected]>
> ---
> mm/mmap.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/mm/mmap.c b/mm/mmap.c
> index f9f0a5fe4db4..9967acbd070f 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -943,6 +943,11 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm,
> vma_start_write(curr);
> remove = curr;
> remove2 = next;
> + /*
> + * Note that the dup_anon_vma below cannot overwrite err
> + * since the first caller would do nothing unless next
> + * has an anon_vma.
> + */
> if (!next->anon_vma)
> err = dup_anon_vma(prev, curr, &anon_dup);
> }