diff options
author | Johannes Weiner <hannes@cmpxchg.org> | 2009-01-06 17:40:31 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-06 18:59:10 -0500 |
commit | dcd4a049b9751828c516c59709f3fdf50436df85 (patch) | |
tree | 126fe11368da94f0c2e11ed586a870fa1b02f0a6 /mm | |
parent | 084f71ae5ceeb16734d8ac47559d3c718456a865 (diff) |
mm: check for no mmaps in exit_mmap()
When dup_mmap() ooms we can end up with mm->mmap == NULL. The error
path does mmput() and unmap_vmas() gets a NULL vma which it
dereferences.
In exit_mmap() there is nothing to do at all for this case, we can
cancel the callpath right there.
[akpm@linux-foundation.org: add sorely-needed comment]
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm')
-rw-r--r-- | mm/mmap.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -2090,6 +2090,9 @@ void exit_mmap(struct mm_struct *mm) | |||
2090 | arch_exit_mmap(mm); | 2090 | arch_exit_mmap(mm); |
2091 | mmu_notifier_release(mm); | 2091 | mmu_notifier_release(mm); |
2092 | 2092 | ||
2093 | if (!mm->mmap) /* Can happen if dup_mmap() received an OOM */ | ||
2094 | return; | ||
2095 | |||
2093 | if (mm->locked_vm) { | 2096 | if (mm->locked_vm) { |
2094 | vma = mm->mmap; | 2097 | vma = mm->mmap; |
2095 | while (vma) { | 2098 | while (vma) { |