diff options
| author | Davidlohr Bueso <davidlohr.bueso@hp.com> | 2013-09-11 17:26:28 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-10-18 10:45:48 -0400 |
| commit | 48ec782ce3e59d6ab14a8c1197c19826e61ac8e5 (patch) | |
| tree | 71c9dea53e09b8bd118967cb9a2843a53e067ea2 /ipc | |
| parent | a5daa172ff0897c52eb4c6da18b092c757264b2f (diff) | |
ipc, shm: guard against non-existant vma in shmdt(2)
commit 530fcd16d87cd2417c472a581ba5a1e501556c86 upstream.
When !CONFIG_MMU there's a chance we can derefence a NULL pointer when the
VM area isn't found - check the return value of find_vma().
Also, remove the redundant -EINVAL return: retval is set to the proper
return code and *only* changed to 0, when we actually unmap the segments.
Signed-off-by: Davidlohr Bueso <davidlohr.bueso@hp.com>
Cc: Sedat Dilek <sedat.dilek@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/shm.c | 3 |
1 files changed, 1 insertions, 2 deletions
| @@ -1288,8 +1288,7 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr) | |||
| 1288 | #else /* CONFIG_MMU */ | 1288 | #else /* CONFIG_MMU */ |
| 1289 | /* under NOMMU conditions, the exact address to be destroyed must be | 1289 | /* under NOMMU conditions, the exact address to be destroyed must be |
| 1290 | * given */ | 1290 | * given */ |
| 1291 | retval = -EINVAL; | 1291 | if (vma && vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) { |
| 1292 | if (vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) { | ||
| 1293 | do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start); | 1292 | do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start); |
| 1294 | retval = 0; | 1293 | retval = 0; |
| 1295 | } | 1294 | } |