mm: set vm_next and vm_prev to NULL in vm_area_dup()

Set ->vm_next and ->vm_prev to NULL to prevent potential misuse from the new duplicated vma. Currently, only in fork path there are misuse for handling anon_vma. No other bugs been revealed with this patch applied. Signed-off-by: Li Xinhai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Acked-by: Kirill A. Shutemov <[email protected]> Cc: Matthew Wilcox <[email protected]> Cc: Johannes Weiner <[email protected]> Cc: Rik van Riel <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]>
author: Li Xinhai <[email protected]> 2020-04-06 20:03:39 -0700
committer: Linus Torvalds <[email protected]> 2020-04-07 10:43:37 -0700
commit: e39a4b332df69f6850efda5ce6d932ef14a39042 (patch)
tree: bb60f7247fc676a15dacb899ca15a02881535877
parent: 23ab76bf90a66d45e557f238f8806d147fc3be5d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index d3a5915d3cfe..4385f3d639f2 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -361,6 +361,7 @@ struct vm_area_struct *vm_area_dup(struct vm_area_struct *orig)
 	if (new) {
 		*new = *orig;
 		INIT_LIST_HEAD(&new->anon_vma_chain);
+		new->vm_next = new->vm_prev = NULL;
 	}
 	return new;
 }
@@ -562,7 +563,6 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm,
 		} else if (anon_vma_fork(tmp, mpnt))
 			goto fail_nomem_anon_vma_fork;
 		tmp->vm_flags &= ~(VM_LOCKED | VM_LOCKONFAULT);
-		tmp->vm_next = tmp->vm_prev = NULL;
 		file = tmp->vm_file;
 		if (file) {
 			struct inode *inode = file_inode(file);
author	Li Xinhai <[email protected]>	2020-04-06 20:03:39 -0700
committer	Linus Torvalds <[email protected]>	2020-04-07 10:43:37 -0700
commit	e39a4b332df69f6850efda5ce6d932ef14a39042 (patch)
tree	bb60f7247fc676a15dacb899ca15a02881535877
parent	23ab76bf90a66d45e557f238f8806d147fc3be5d (diff)