From 1d05aa19422a907949a5f7e46b06998f181075e1 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Date: Thu, 12 May 2022 13:53:29 -0400
Subject: [PATCH] mm/mmap: Fix leak on expand_downwards() and expand_upwards()

A memory leak is possible in the race and error path in both
expand_downwards() and expand_upwards() due to the maple tree
preallocations.  Fix these by always destroying the maple state.

Fixes: a760774e7b7b (mm: start tracking VMAs with maple tree)
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
 mm/mmap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mm/mmap.c b/mm/mmap.c
index d2fccec093fa8..546034e7e1f70 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2017,6 +2017,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
 	}
 	anon_vma_unlock_write(vma->anon_vma);
 	khugepaged_enter_vma_merge(vma, vma->vm_flags);
+	mas_destroy(&mas);
 	return error;
 }
 #endif /* CONFIG_STACK_GROWSUP || CONFIG_IA64 */
@@ -2098,6 +2099,7 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address)
 	}
 	anon_vma_unlock_write(vma->anon_vma);
 	khugepaged_enter_vma_merge(vma, vma->vm_flags);
+	mas_destroy(&mas);
 	return error;
 }
 
-- 
2.50.1