commit | e6c7193d61d7affc144ad703b74524ddd574d2ee | |
---|---|---|
author | Hugh Dickins <[email protected]> | Tue Jun 20 09:10:44 2017 |
committer | ChromeOS Commit Bot <[email protected]> | Mon Jul 10 16:54:06 2017 |
tree | 11b5c6e094d5817672192925371d3b113243aeb1 | |
parent | 18f3e2846cf87d1dc79ffec2873114478431a780 |
UPSTREAM: mm: fix new crash in unmapped_area_topdown()

commit f4cb767d76cf7ee72f97dd76f6cfa6c76a5edc89 upstream.

Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of mmap testing. That's the VM_BUG_ON(gap_end < gap_start) at the end of unmapped_area_topdown(). Linus points out how MAP_FIXED (which does not have to respect our stack guard gap intentions) could result in gap_end below gap_start there. Fix that, and the similar case in its alternative, unmapped_area().

BUG=chromium:726072, chromium:724093
TEST=Build and run

Change-Id: Ib30cb5cb70c80f7186caf63f7ac1def7ded76e8b
Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas")
Reported-by: Dave Jones <[email protected]>
Debugged-by: Linus Torvalds <[email protected]>
Signed-off-by: Hugh Dickins <[email protected]>
Acked-by: Michal Hocko <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Guenter Roeck <[email protected]>
(cherry picked from commit 1f2284fac218, git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git)
Reviewed-on: https://chromium-review.googlesource.com/545099
Commit-Ready: Sonny Rao <[email protected]>
Reviewed-by: Sonny Rao <[email protected]>
(cherry picked from commit 2dd361385e91df1d33e208e35708a9150684ab1f)
Reviewed-on: https://chromium-review.googlesource.com/565521
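
The failure mode the commit message describes, as an added example (a simplified user-space model, not the kernel's code and not part of this commit): once a neighbouring mapping sits inside a stack's guard gap, `gap_end` falls below `gap_start`, and an unsigned `gap_end - gap_start >= length` test wraps and passes. The `struct vma` layout, the 256-page guard size, the helper names and all addresses are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed values for illustration; a model, not mm/mmap.c. */
#define PAGE_SZ   0x1000UL
#define GUARD_GAP (256UL * PAGE_SZ)   /* assumed stack guard gap size */

struct vma { unsigned long start, end; bool grows_down; };

/* Start of a vma with its guard gap included (grows-down stack only). */
static unsigned long start_gap(const struct vma *v)
{
    unsigned long s = v->start;
    if (v->grows_down)
        s = (s > GUARD_GAP) ? s - GUARD_GAP : 0;
    return s;
}

/* Length test alone: the unsigned subtraction wraps to a huge value
 * when gap_end < gap_start, so an inverted gap looks large enough. */
static bool gap_fits_unchecked(unsigned long gap_start, unsigned long gap_end,
                               unsigned long length)
{
    return gap_end - gap_start >= length;
}

/* Same test with the ordering checked first, so an inverted gap is skipped. */
static bool gap_fits_checked(unsigned long gap_start, unsigned long gap_end,
                             unsigned long length)
{
    return gap_end > gap_start && gap_end - gap_start >= length;
}

int main(void)
{
    /* Constructed layout: one page mapped 4 pages below a stack vma,
     * i.e. inside the stack's guard gap. */
    struct vma stack = { 0x7ffd00000000UL, 0x7ffd00021000UL, true };
    struct vma fixed = { stack.start - 5 * PAGE_SZ, stack.start - 4 * PAGE_SZ, false };

    unsigned long gap_start = fixed.end;          /* end of the lower vma */
    unsigned long gap_end   = start_gap(&stack);  /* stack start minus guard */

    printf("gap_start=%#lx gap_end=%#lx inverted=%d\n",
           gap_start, gap_end, gap_end < gap_start);
    printf("unchecked accepts: %d\n", gap_fits_unchecked(gap_start, gap_end, PAGE_SZ));
    printf("checked accepts:   %d\n", gap_fits_checked(gap_start, gap_end, PAGE_SZ));
    return 0;
}
```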