Pandora Sourcecodes - pandora-kernel.git/commit

author	Hugh Dickins <hughd@google.com>
	Mon, 23 Jun 2014 20:22:07 +0000 (13:22 -0700)
committer	Ben Hutchings <ben@decadent.org.uk>
	Fri, 11 Jul 2014 12:33:54 +0000 (13:33 +0100)
commit	e0b2508d7d22cca58322a7d29f6339df0c01bf54
tree	c490d5aa39397c42e8e194ea53f2f09f2eaa60da	tree \| snapshot
parent	386292b433495a8dfc5c2991145943d97e559fff	commit \| diff

mm: fix crashes from mbind() merging vmas

commit d05f0cdcbe6388723f1900c549b4850360545201 upstream.

In v2.6.34 commit 9d8cebd4bcd7 ("mm: fix mbind vma merge problem")
introduced vma merging to mbind(), but it should have also changed the
convention of passing start vma from queue_pages_range() (formerly
check_range()) to new_vma_page(): vma merging may have already freed
that structure, resulting in BUG at mm/mempolicy.c:1738 and probably
worse crashes.

Fixes: 9d8cebd4bcd7 ("mm: fix mbind vma merge problem")
Reported-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Tested-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Christoph Lameter <cl@linux.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Minchan Kim <minchan.kim@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[bwh: Backported to 3.2:
- Adjust context
- Keep the same arguments to migrate_pages() except for private=start]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>