mmap: fix copy_vma() failure path

The anon vma was not unlinked and the file was not closed in the failure path when the machine runs out of memory during the maple tree modification. This caused a memory leak of the anon vma chain and vma since neither would be freed. Link: https://lkml.kernel.org/r/[email protected] Fixes: 524e00b36e8c ("mm: remove rb tree") Signed-off-by: Liam R. Howlett <[email protected]> Reported-by: Lukas Bulwahn <[email protected]> Tested-by: Lukas Bulwahn <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
author: Liam Howlett <[email protected]> 2022-10-11 20:36:51 +0000
committer: Andrew Morton <[email protected]> 2022-10-12 15:56:46 -0700
commit: 92b7399695a5cc961c44fc6e4624d3bc3c699ee7 (patch)
tree: 451e22c02a85744496fb4f755979693f2955d89f
parent: 7efc3b7261030da79001c00d92bc3392fd6c664c (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index 6e447544f07d..fc8581cefef7 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -3240,6 +3240,11 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
 out_vma_link:
 	if (new_vma->vm_ops && new_vma->vm_ops->close)
 		new_vma->vm_ops->close(new_vma);
+
+	if (new_vma->vm_file)
+		fput(new_vma->vm_file);
+
+	unlink_anon_vmas(new_vma);
 out_free_mempol:
 	mpol_put(vma_policy(new_vma));
 out_free_vma:
author	Liam Howlett <[email protected]>	2022-10-11 20:36:51 +0000
committer	Andrew Morton <[email protected]>	2022-10-12 15:56:46 -0700
commit	92b7399695a5cc961c44fc6e4624d3bc3c699ee7 (patch)
tree	451e22c02a85744496fb4f755979693f2955d89f
parent	7efc3b7261030da79001c00d92bc3392fd6c664c (diff)