Re: [no patch] broken use of mm_release / deactivate_mm

[Nick Piggin]

Linus Torvalds wrote:
> On Mon, 13 Sep 2004, Andries Brouwer wrote:
>
> > What happens at a fork, is that a long sequence of things is done,
> > and if a failure occurs all previous things are undone. Thus
> > (in copy_process()):
> >
> >        if ((retval = copy_mm(clone_flags, p)))
> >                goto bad_fork_cleanup_signal;
> >        if ((retval = copy_namespace(clone_flags, p)))
> >                goto bad_fork_cleanup_mm;
> >        retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
> >        if (retval)
> >                goto bad_fork_cleanup_namespace;
> >
> > ...
> >
> > bad_fork_cleanup_namespace:
> >        exit_namespace(p);
> > bad_fork_cleanup_mm:
> >        exit_mm(p);
> >        if (p->active_mm)
> >                mmdrop(p->active_mm);
>
>
> I agree. Looks like the "exit_mm()" should really be a "mmput()".
>
> Can we have a few more eyes on this thing? Ingo, Nick?

AFAIKS yes. exit_mm doesn't look legal unless its dropping the current
mm context. And mmput looks like it should clean up everything - it is
used almost exactly the same way to cleanup a failure case in copy_mm.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/