cgroup: Prevent double killing of css when enabling threaded cgroup

[mirror_ubuntu-bionic-kernel.git] / mm / nommu.c

diff --git a/mm/nommu.c b/mm/nommu.c
index 17c00d93de2e4973278845e98554ce2040445f65..b97ff72203ddfd7e62838f3858d49c8d1dc82ba3 100644 (file)
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -641,7 +641,7 @@ static void __put_nommu_region(struct vm_region *region)
                up_write(&nommu_region_sem);
 
                if (region->vm_file)
-                       fput(region->vm_file);
+                       vmr_fput(region);
 
                /* IO memory and memory shared directly out of the pagecache
                 * from ramfs/tmpfs mustn't be released here */
@@ -799,9 +799,9 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma)
        if (vma->vm_ops && vma->vm_ops->close)
                vma->vm_ops->close(vma);
        if (vma->vm_file)
-               fput(vma->vm_file);
+               vma_fput(vma);
        put_nommu_region(vma->vm_region);
-       kmem_cache_free(vm_area_cachep, vma);
+       vm_area_free(vma);
 }
 
 /*
@@ -1236,7 +1236,7 @@ unsigned long do_mmap(struct file *file,
        if (!region)
                goto error_getting_region;
 
-       vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
+       vma = vm_area_alloc(current->mm);
        if (!vma)
                goto error_getting_vma;
 
@@ -1244,7 +1244,6 @@ unsigned long do_mmap(struct file *file,
        region->vm_flags = vm_flags;
        region->vm_pgoff = pgoff;
 
-       INIT_LIST_HEAD(&vma->anon_vma_chain);
        vma->vm_flags = vm_flags;
        vma->vm_pgoff = pgoff;
 
@@ -1321,7 +1320,7 @@ unsigned long do_mmap(struct file *file,
                                        goto error_just_free;
                                }
                        }
-                       fput(region->vm_file);
+                       vmr_fput(region);
                        kmem_cache_free(vm_region_jar, region);
                        region = pregion;
                        result = start;
@@ -1396,11 +1395,11 @@ error_just_free:
        up_write(&nommu_region_sem);
 error:
        if (region->vm_file)
-               fput(region->vm_file);
+               vmr_fput(region);
        kmem_cache_free(vm_region_jar, region);
        if (vma->vm_file)
-               fput(vma->vm_file);
-       kmem_cache_free(vm_area_cachep, vma);
+               vma_fput(vma);
+       vm_area_free(vma);
        return ret;
 
 sharing_violation:
@@ -1494,14 +1493,13 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
        if (!region)
                return -ENOMEM;
 
-       new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
+       new = vm_area_dup(vma);
        if (!new) {
                kmem_cache_free(vm_region_jar, region);
                return -ENOMEM;
        }
 
        /* most fields are the same, copy all, and then fixup */
-       *new = *vma;
        *region = *vma->vm_region;
        new->vm_region = region;
 
@@ -1815,7 +1813,8 @@ int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
        struct vm_area_struct *vma;
        int write = gup_flags & FOLL_WRITE;
 
-       down_read(&mm->mmap_sem);
+       if (down_read_killable(&mm->mmap_sem))
+               return 0;
 
        /* the access must start within one of the target process's mappings */
        vma = find_vma(mm, addr);