linux-stable-rt/mm
Jeremy Fitzhardinge 9480c53e9b mm: rearrange exit_mmap() to unlock before arch_exit_mmap
Christophe Saout reported [in precursor to:
http://marc.info/?l=linux-kernel&m=123209902707347&w=4]:

> Note that I also some a different issue with CONFIG_UNEVICTABLE_LRU.
> Seems like Xen tears down current->mm early on process termination, so
> that __get_user_pages in exit_mmap causes nasty messages when the
> process had any mlocked pages.  (in fact, it somehow manages to get into
> the swapping code and produces a null pointer dereference trying to get
> a swap token)

Jeremy explained:

Yes.  In the normal case under Xen, an in-use pagetable is "pinned",
meaning that it is RO to the kernel, and all updates must go via hypercall
(or writes are trapped and emulated, which is much the same thing).  An
unpinned pagetable is not currently in use by any process, and can be
directly accessed as normal RW pages.

As an optimisation at process exit time, we unpin the pagetable as early
as possible (switching the process to init_mm), so that all the normal
pagetable teardown can happen with direct memory accesses.

This happens in exit_mmap() -> arch_exit_mmap().  The munlocking happens
a few lines below.  The obvious thing to do would be to move
arch_exit_mmap() to below the munlock code, but I think we'd want to
call it even if mm->mmap is NULL, just to be on the safe side.

Thus, this patch:

exit_mmap() needs to unlock any locked vmas before calling arch_exit_mmap,
as the latter may switch the current mm to init_mm, which would cause the
former to fail.

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Christophe Saout <christophe@saout.de>
Cc: Keir Fraser <keir.fraser@eu.citrix.com>
Cc: Christophe Saout <christophe@saout.de>
Cc: Alex Williamson <alex.williamson@hp.com>
Cc: <stable@kernel.org>		[2.6.28.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-11 14:25:37 -08:00
Kconfig
Makefile
allocpercpu.c
backing-dev.c
bootmem.c
bounce.c
dmapool.c
fadvise.c [CVE-2009-0029] System call wrapper special cases 2009-01-14 14:15:18 +01:00
failslab.c
filemap.c [CVE-2009-0029] System call wrapper special cases 2009-01-14 14:15:18 +01:00
filemap_xip.c
fremap.c Do not account for the address space used by hugetlbfs using VM_ACCOUNT 2009-02-10 10:48:42 -08:00
highmem.c
hugetlb.c Do not account for hugetlbfs quota at mmap() time if mapping [SHM|MAP]_NORESERVE 2009-02-11 12:38:09 -08:00
internal.h
maccess.c
madvise.c [CVE-2009-0029] System call wrappers part 14 2009-01-14 14:15:24 +01:00
memcontrol.c memcg: NULL pointer dereference at rmdir on some NUMA systems 2009-01-29 18:04:44 -08:00
memory.c do_wp_page: fix regression with execute in place 2009-02-05 12:56:48 -08:00
memory_hotplug.c
mempolicy.c [CVE-2009-0029] System call wrappers part 28 2009-01-14 14:15:30 +01:00
mempool.c
migrate.c migration: migrate_vmas should check "vma" 2009-02-11 14:25:34 -08:00
mincore.c [CVE-2009-0029] System call wrappers part 14 2009-01-14 14:15:24 +01:00
mlock.c mm: fix error case in mlock downgrade reversion 2009-02-08 13:53:28 -08:00
mm_init.c
mmap.c mm: rearrange exit_mmap() to unlock before arch_exit_mmap 2009-02-11 14:25:37 -08:00
mmu_notifier.c
mmzone.c
mprotect.c Do not account for the address space used by hugetlbfs using VM_ACCOUNT 2009-02-10 10:48:42 -08:00
mremap.c [CVE-2009-0029] System call wrappers part 13 2009-01-14 14:15:23 +01:00
msync.c [CVE-2009-0029] System call wrappers part 13 2009-01-14 14:15:23 +01:00
nommu.c uclinux: add process name to allocation error message 2009-01-27 16:42:03 +10:00
oom_kill.c
page-writeback.c writeback: fix break condition 2009-02-11 14:25:37 -08:00
page_alloc.c
page_cgroup.c memcg: use __GFP_NOWARN in page cgroup allocation 2009-02-11 14:25:35 -08:00
page_io.c
page_isolation.c
pagewalk.c
pdflush.c
prio_tree.c
quicklist.c
readahead.c
rmap.c mm: fix mlocked page counter mismatch 2009-02-11 14:25:35 -08:00
shmem.c Stop playing silly games with the VM_ACCOUNT flag 2009-01-31 15:08:56 -08:00
shmem_acl.c
slab.c
slob.c
slub.c slub: fix per cpu kmem_cache_cpu array memory leak 2009-01-28 10:43:42 +02:00
sparse-vmemmap.c
sparse.c
swap.c
swap_state.c
swapfile.c memcg: fix refcnt handling at swapoff 2009-01-29 18:04:43 -08:00
thrash.c
truncate.c
util.c
vmalloc.c revert "mm: vmalloc use mutex for purge" 2009-01-15 16:39:40 -08:00
vmscan.c
vmstat.c