Commit 530fcd16 authored Sep 11, 2013 by Davidlohr Bueso Committed by Linus Torvalds Sep 11, 2013

ipc, shm: guard against non-existant vma in shmdt(2)



When !CONFIG_MMU there's a chance we can derefence a NULL pointer when the
VM area isn't found - check the return value of find_vma().

Also, remove the redundant -EINVAL return: retval is set to the proper
return code and *only* changed to 0, when we actually unmap the segments.

Signed-off-by: Davidlohr Bueso <davidlohr.bueso@hp.com>
Cc: Sedat Dilek <sedat.dilek@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 05603c44

ipc/shm.c

+1 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1288,8 +1288,7 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
	#else /* CONFIG_MMU */		#else /* CONFIG_MMU */
	/* under NOMMU conditions, the exact address to be destroyed must be		/* under NOMMU conditions, the exact address to be destroyed must be
	* given */		* given */
	retval = -EINVAL;		if (vma && vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) {
	if (vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) {
	do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start);		do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start);
	retval = 0;		retval = 0;
	}		}