mmap: fix copy_vma() failure path

The anon vma was not unlinked and the file was not closed in the failure path when the machine runs out of memory during the maple tree modification. This caused a memory leak of the anon vma chain and vma since neither would be freed. Link: https://lkml.kernel.org/r/20221011203621.1446507-1-Liam.Howlett@oracle.com Fixes: 524e00b36e8c ("mm: remove rb tree") Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Reported-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Tested-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
author: Liam Howlett <liam.howlett@oracle.com> 2022-10-11 23:36:51 +0300
committer: Andrew Morton <akpm@linux-foundation.org> 2022-10-13 01:56:46 +0300
commit: 92b7399695a5cc961c44fc6e4624d3bc3c699ee7 (patch)
tree: 451e22c02a85744496fb4f755979693f2955d89f
parent: 7efc3b7261030da79001c00d92bc3392fd6c664c (diff)
download: linux-92b7399695a5cc961c44fc6e4624d3bc3c699ee7.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index 6e447544f07d..fc8581cefef7 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -3240,6 +3240,11 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
 out_vma_link:
 	if (new_vma->vm_ops && new_vma->vm_ops->close)
 		new_vma->vm_ops->close(new_vma);
+
+	if (new_vma->vm_file)
+		fput(new_vma->vm_file);
+
+	unlink_anon_vmas(new_vma);
 out_free_mempol:
 	mpol_put(vma_policy(new_vma));
 out_free_vma:
author	Liam Howlett <liam.howlett@oracle.com>	2022-10-11 23:36:51 +0300
committer	Andrew Morton <akpm@linux-foundation.org>	2022-10-13 01:56:46 +0300
commit	92b7399695a5cc961c44fc6e4624d3bc3c699ee7 (patch)
tree	451e22c02a85744496fb4f755979693f2955d89f
parent	7efc3b7261030da79001c00d92bc3392fd6c664c (diff)
download	linux-92b7399695a5cc961c44fc6e4624d3bc3c699ee7.tar.xz