Re: [PATCH] hugetlb: fix resv_map leak in error path

From: Christoph Lameter
Date: Tue May 22 2012 - 17:05:06 EST


On Tue, 22 May 2012, Andrew Morton wrote:

> On Mon, 21 May 2012 13:28:14 -0700
> Dave Hansen <dave@xxxxxxxxxxxxxxxxxx> wrote:
>
> > When called for anonymous (non-shared) mappings,
> > hugetlb_reserve_pages() does a resv_map_alloc(). It depends on
> > code in hugetlbfs's vm_ops->close() to release that allocation.
> >
> > However, in the mmap() failure path, we do a plain unmap_region()
> > without the remove_vma() which actually calls vm_ops->close().
> >
> > This is a decent fix. This leak could get reintroduced if
> > new code (say, after hugetlb_reserve_pages() in
> > hugetlbfs_file_mmap()) decides to return an error. But, I think
> > it would have to unroll the reservation anyway.
>
> How far back does this bug go? The patch applies to 3.4 but gets
> rejects in 3.3 and earlier.

The earliest that I have seen it on was 2.6.32. I have rediffed the patch
against 2.6.32 and 3.2.0.
