aboutsummaryrefslogtreecommitdiffstats
path: root/mm
diff options
context:
space:
mode:
authorJohannes Weiner <hannes@cmpxchg.org>2009-01-06 17:40:31 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-06 18:59:10 -0500
commitdcd4a049b9751828c516c59709f3fdf50436df85 (patch)
tree126fe11368da94f0c2e11ed586a870fa1b02f0a6 /mm
parent084f71ae5ceeb16734d8ac47559d3c718456a865 (diff)
mm: check for no mmaps in exit_mmap()
When dup_mmap() ooms we can end up with mm->mmap == NULL. The error path does mmput() and unmap_vmas() gets a NULL vma which it dereferences. In exit_mmap() there is nothing to do at all for this case, we can cancel the callpath right there. [akpm@linux-foundation.org: add sorely-needed comment] Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Reported-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm')
-rw-r--r--mm/mmap.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index 1f97d8aa9b05..a910c045cfd4 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2090,6 +2090,9 @@ void exit_mmap(struct mm_struct *mm)
2090 arch_exit_mmap(mm); 2090 arch_exit_mmap(mm);
2091 mmu_notifier_release(mm); 2091 mmu_notifier_release(mm);
2092 2092
2093 if (!mm->mmap) /* Can happen if dup_mmap() received an OOM */
2094 return;
2095
2093 if (mm->locked_vm) { 2096 if (mm->locked_vm) {
2094 vma = mm->mmap; 2097 vma = mm->mmap;
2095 while (vma) { 2098 while (vma) {