mm/mmap: properly unaccount memory on mas_preallocate() failure

security_vm_enough_memory_mm() accounts memory via a call to
vm_acct_memory().  Therefore any subsequent failures should unaccount for
this memory prior to returning the error.

Link: https://lkml.kernel.org/r/20221202045339.2999017-1-apopple@nvidia.com
Fixes: 28c5609fb236 ("mm/mmap: preallocate maple nodes for brk vma expansion")
Signed-off-by: Alistair Popple <apopple@nvidia.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/mmap.c b/mm/mmap.c
index 1741273..7d24fc4 100644 (file)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2953,7 +2953,7 @@ static int do_brk_flags(struct ma_state *mas, struct vm_area_struct *vma,
                                addr >> PAGE_SHIFT, NULL_VM_UFFD_CTX, NULL)) {
                mas_set_range(mas, vma->vm_start, addr + len - 1);
                if (mas_preallocate(mas, vma, GFP_KERNEL))
-                       return -ENOMEM;
+                       goto unacct_fail;
 
                vma_adjust_trans_huge(vma, vma->vm_start, addr + len, 0);
                if (vma->anon_vma) {
@@ -2975,7 +2975,7 @@ static int do_brk_flags(struct ma_state *mas, struct vm_area_struct *vma,
        /* create a vma struct for an anonymous mapping */
        vma = vm_area_alloc(mm);
        if (!vma)
-               goto vma_alloc_fail;
+               goto unacct_fail;
 
        vma_set_anonymous(vma);
        vma->vm_start = addr;
@@ -3000,7 +3000,7 @@ out:
 
 mas_store_fail:
        vm_area_free(vma);
-vma_alloc_fail:
+unacct_fail:
        vm_unacct_memory(len >> PAGE_SHIFT);
        return -ENOMEM;
 }