git.baikalelectronics.ru Git - kernel.git/commit

author	Bui Quang Minh <minhquangbui99@gmail.com>
	Sat, 20 Nov 2021 00:43:40 +0000 (16:43 -0800)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Sat, 20 Nov 2021 18:35:54 +0000 (10:35 -0800)
commit	f8e25ababcb8aaf820c4e2847bd947cd2da47455
tree	9f594be76a840658faf441faa4bb8cdeb48211b7	tree \| snapshot
parent	0a1277e7b7694e6c47297cdf609e85378833c9c8	commit \| diff

hugetlb: fix hugetlb cgroup refcounting during mremap

When hugetlb_vm_op_open() is called during copy_vma(), we may take the
reference to resv_map->css. Later, when clearing the reservation
pointer of old_vma after transferring it to new_vma, we forget to drop
the reference to resv_map->css. This leads to a reference leak of css.

Fixes this by adding a check to drop reservation css reference in
clear_vma_resv_huge_pages()

Link: https://lkml.kernel.org/r/20211113154412.91134-1-minhquangbui99@gmail.com
Fixes: b5baa59aa48dc9 ("mm, hugepages: add mremap() support for hugepage backed vma")
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Mina Almasry <almasrymina@google.com>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

include/linux/hugetlb_cgroup.h		diff \| blob \| history
mm/hugetlb.c		diff \| blob \| history