Commit dcd4a049 authored Jan 06, 2009 by Johannes Weiner Committed by Linus Torvalds Jan 06, 2009

mm: check for no mmaps in exit_mmap()



When dup_mmap() ooms we can end up with mm->mmap == NULL.  The error
path does mmput() and unmap_vmas() gets a NULL vma which it
dereferences.

In exit_mmap() there is nothing to do at all for this case, we can
cancel the callpath right there.

[akpm@linux-foundation.org: add sorely-needed comment]
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 084f71ae

mm/mmap.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -2090,6 +2090,9 @@ void exit_mmap(struct mm_struct *mm)
		arch_exit_mmap(mm);
		mmu_notifier_release(mm);

		if (!mm->mmap) /* Can happen if dup_mmap() received an OOM */
		return;

		if (mm->locked_vm) {
		vma = mm->mmap;
		while (vma) {