mm/fremap.c: fix oops on error path

If find_vma() fails, sys_remap_file_pages() will dereference `vma', which contains NULL. Fix it by checking the pointer. (We could alternatively check for err==0, but this seems more direct) (The vm_flags change is to squish a bogus used-uninitialised warning without adding extra code). Reported-by: Tommi Rantala <tt.rantala@gmail.com> Cc: Michel Lespinasse <walken@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Andrew Morton <akpm@linux-foundation.org> 2013-03-13 17:59:43 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-03-13 18:21:47 -0400
commit: 6d7825b10dbeafd60627cd04291fb10ec2b5b973 (patch)
tree: 665fe65bbb0f931dc5d89596c0c12d2569638ea3 /mm/fremap.c
parent: c8615d3716fe327c2540cf514a34b227dc9b39e8 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/mm/fremap.c b/mm/fremap.c
index 0cd4c11488ed..6a8da7ee85fd 100644
--- a/mm/fremap.c
+++ b/mm/fremap.c
@@ -163,7 +163,8 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
         * and that the remapped range is valid and fully within
         * the single existing vma.
         */
-        if (!vma || !(vma->vm_flags & VM_SHARED))
+        vm_flags = vma->vm_flags;
+        if (!vma || !(vm_flags & VM_SHARED))
                goto out;
        if (!vma->vm_ops || !vma->vm_ops->remap_pages)
@@ -254,7 +255,8 @@ get_write_lock:
         */
 out:
-        vm_flags = vma->vm_flags;
+        if (vma)
+                vm_flags = vma->vm_flags;
        if (likely(!has_write_lock))
                up_read(&mm->mmap_sem);
        else
author	Andrew Morton <akpm@linux-foundation.org>	2013-03-13 17:59:43 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-03-13 18:21:47 -0400
commit	6d7825b10dbeafd60627cd04291fb10ec2b5b973 (patch)
tree	665fe65bbb0f931dc5d89596c0c12d2569638ea3 /mm/fremap.c
parent	c8615d3716fe327c2540cf514a34b227dc9b39e8 (diff)