diff options
author | Andrew Morton <akpm@linux-foundation.org> | 2013-03-13 17:59:43 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-03-13 18:21:47 -0400 |
commit | 6d7825b10dbeafd60627cd04291fb10ec2b5b973 (patch) | |
tree | 665fe65bbb0f931dc5d89596c0c12d2569638ea3 /mm | |
parent | c8615d3716fe327c2540cf514a34b227dc9b39e8 (diff) |
mm/fremap.c: fix oops on error path
If find_vma() fails, sys_remap_file_pages() will dereference `vma', which
contains NULL. Fix it by checking the pointer.
(We could alternatively check for err==0, but this seems more direct)
(The vm_flags change is to squish a bogus used-uninitialised warning
without adding extra code).
Reported-by: Tommi Rantala <tt.rantala@gmail.com>
Cc: Michel Lespinasse <walken@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm')
-rw-r--r-- | mm/fremap.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/mm/fremap.c b/mm/fremap.c index 0cd4c11488ed..6a8da7ee85fd 100644 --- a/mm/fremap.c +++ b/mm/fremap.c | |||
@@ -163,7 +163,8 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, | |||
163 | * and that the remapped range is valid and fully within | 163 | * and that the remapped range is valid and fully within |
164 | * the single existing vma. | 164 | * the single existing vma. |
165 | */ | 165 | */ |
166 | if (!vma || !(vma->vm_flags & VM_SHARED)) | 166 | vm_flags = vma->vm_flags; |
167 | if (!vma || !(vm_flags & VM_SHARED)) | ||
167 | goto out; | 168 | goto out; |
168 | 169 | ||
169 | if (!vma->vm_ops || !vma->vm_ops->remap_pages) | 170 | if (!vma->vm_ops || !vma->vm_ops->remap_pages) |
@@ -254,7 +255,8 @@ get_write_lock: | |||
254 | */ | 255 | */ |
255 | 256 | ||
256 | out: | 257 | out: |
257 | vm_flags = vma->vm_flags; | 258 | if (vma) |
259 | vm_flags = vma->vm_flags; | ||
258 | if (likely(!has_write_lock)) | 260 | if (likely(!has_write_lock)) |
259 | up_read(&mm->mmap_sem); | 261 | up_read(&mm->mmap_sem); |
260 | else | 262 | else |