git.itanic.dy.fi Git - linux-stable/commit

author	Peter Zijlstra <peterz@infradead.org>
	Tue, 4 Jun 2013 08:44:21 +0000 (10:44 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 3 Jul 2013 17:59:06 +0000 (10:59 -0700)
commit	703197b61d05f5edae54bad3256901c5a5c8794c
tree	68a7a7ea0fbf0348291f74075795fee86566b87c	tree \| snapshot
parent	535fad87e86d33ea41d4b8580fadf62f5865ae6b	commit \| diff

perf: Fix mmap() accounting hole

commit 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b upstream.

Vince's fuzzer once again found holes. This time it spotted a leak in
the locked page accounting.

When an event had redirected output and its close() was the last
reference to the buffer we didn't have a vm context to undo accounting.

Change the code to destroy the buffer on the last munmap() and detach
all redirected events at that time. This provides us the right context
to undo the vm accounting.

[Backporting for 3.4-stable.
VM_RESERVED flag was replaced with pair 'VM_DONTEXPAND | VM_DONTDUMP' in
314e51b9 since 3.7.0-rc1, and 314e51b9 comes from a big patchset, we didn't
backport the patchset, so I restored 'VM_DNOTEXPAND | VM_DONTDUMP' as before:
- vma->vm_flags |= VM_DONTCOPY | VM_DONTEXPAND | VM_DONTDUMP;
+ vma->vm_flags |= VM_DONTCOPY | VM_RESERVED;
-- zliu]

Reported-and-tested-by: Vince Weaver <vincent.weaver@maine.edu>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20130604084421.GI8923@twins.programming.kicks-ass.net
Cc: <stable@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Zhouping Liu <zliu@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

kernel/events/core.c		diff \| blob \| history
kernel/events/internal.h		diff \| blob \| history