in mmap_region, when updating bean counters after calling ->mmap(...), which can change flags and file, counters are updated only when the flags change. When updating on a change of flags it is possible that the file pointer changes too, but it is not used; instead the cached file pointer is used.
Update counters when the file changes too and use the correct file when updating. Also avoid a double fput on error: when changing the file, ->mmap fputs vma->vm_file and sets it to a new file. But the file pointer is not updated on error and the cached file pointer can be fput a second time; in that case the result is a crash at unlink_file_vma (maybe related to PSBM-146968).

https://jira.vzint.dev/browse/PSBM-147170

Signed-off-by: Alexander Atanasov <alexander.atana...@virtuozzo.com>
---
mm/mmap.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

This patch might also be a fix for https://jira.vzint.dev/browse/PSBM-146968 but there are more things to check there.

diff --git a/mm/mmap.c b/mm/mmap.c index e8628d0d89ca..dcb06921c668 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1827,15 +1827,17 @@ munmap_back: error = file->f_op->mmap(file, vma); if (error) goto unmap_and_free_vma; - if (vm_flags != vma->vm_flags) { + if (vm_flags != vma->vm_flags || file != vma->vm_file) { /* - * ->vm_flags has been changed in f_op->mmap method. + * ->vm_flags or file has been changed in f_op->mmap method. * We have to recharge ub memory. */ ub_memory_uncharge(mm, len, vm_flags, file); - if (ub_memory_charge(mm, len, vma->vm_flags, file, UB_HARD)) { + if (ub_memory_charge(mm, len, vma->vm_flags, + vma->vm_file, UB_HARD)) { ub_charged = 0; error = -ENOMEM; + file = vma->vm_file; goto unmap_and_free_vma; } } -- 2.39.1
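Review bot: the `file = vma->vm_file;` resynchronisation is applied only on the `ub_memory_charge()` failure path, so two other paths in this hunk still leave the local `file` pointing at the original struct file after `->mmap()` has swapped `vma->vm_file`: the `if (error) goto unmap_and_free_vma;` directly after `error = file->f_op->mmap(file, vma);`, and the success path that falls out of the recharge block. If an `->mmap` implementation can replace `vma->vm_file` and then return an error, the double fput described in the commit message is still reachable through the first of those; on the success path anything later in the function that relies on `file` matching `vma->vm_file` sees a stale pointer. Suggest moving the assignment out of the error branch so it runs unconditionally after the recharge block (the `ub_memory_uncharge(mm, len, vm_flags, file);` call must keep the old pointer, so the assignment belongs after it), e.g. `} file = vma->vm_file;`, and stating in the commit message whether `->mmap` can swap `vm_file` before failing. Minor: the comment reads more precisely as `->vm_flags or ->vm_file has been changed in f_op->mmap method.`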