From: Liam R. Howlett <Liam.Howlett@oracle.com>
Date: Thu, 12 May 2022 17:53:29 +0000 (-0400)
Subject: mm/mmap: Fix leak on expand_downwards() and expand_upwards()
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=1d05aa19422a907949a5f7e46b06998f181075e1;p=users%2Fjedix%2Flinux-maple.git

mm/mmap: Fix leak on expand_downwards() and expand_upwards()

A memory leak is possible in the race and error path in both
expand_downwards() and expand_upwards() due to the maple tree
preallocations.  Fix these by always destroying the maple state.

Fixes: a760774e7b7b (mm: start tracking VMAs with maple tree)
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---

diff --git a/mm/mmap.c b/mm/mmap.c
index d2fccec093fa..546034e7e1f7 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2017,6 +2017,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
 	}
 	anon_vma_unlock_write(vma->anon_vma);
 	khugepaged_enter_vma_merge(vma, vma->vm_flags);
+	mas_destroy(&mas);
 	return error;
 }
 #endif /* CONFIG_STACK_GROWSUP || CONFIG_IA64 */
@@ -2098,6 +2099,7 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address)
 	}
 	anon_vma_unlock_write(vma->anon_vma);
 	khugepaged_enter_vma_merge(vma, vma->vm_flags);
+	mas_destroy(&mas);
 	return error;
 }