Commit 11c3d16e authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] fix uninitialised vma list_head

From Zach Brown.  Lots of places forget to initialise list_heads in
vm_area_structs, and other places then go and test the state of those
list_heads.

Plug the gaps for now, Zach is working on a broader cleanup.
parent bce7c55d
...@@ -400,6 +400,7 @@ int setup_arg_pages(struct linux_binprm *bprm) ...@@ -400,6 +400,7 @@ int setup_arg_pages(struct linux_binprm *bprm)
mpnt->vm_ops = NULL; mpnt->vm_ops = NULL;
mpnt->vm_pgoff = 0; mpnt->vm_pgoff = 0;
mpnt->vm_file = NULL; mpnt->vm_file = NULL;
INIT_LIST_HEAD(&mpnt->shared);
mpnt->vm_private_data = (void *) 0; mpnt->vm_private_data = (void *) 0;
insert_vm_struct(mm, mpnt); insert_vm_struct(mm, mpnt);
mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
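Review bot: The new `INIT_LIST_HEAD(&mpnt->shared)` sits in the middle of the NULL-everything run of field initialisers, and nothing at the site records why it must come before `insert_vm_struct(mm, mpnt)`; a short comment would keep a later edit from reordering it, e.g. `/* list head must be initialised before insert_vm_struct(): per the commit message it is tested, not only written, downstream */`. The same single-line fix recurs in dup_mmap, do_mmap_pgoff and do_brk in the sections below, and the same comment applies there. As far as this hunk shows the fix is correct; the hazard it closes is list code following garbage pointers out of an uninitialised list_head in a freshly allocated vma. setup_arg_pages continues outside the hunk.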
......
...@@ -246,6 +246,7 @@ static inline int dup_mmap(struct mm_struct * mm) ...@@ -246,6 +246,7 @@ static inline int dup_mmap(struct mm_struct * mm)
tmp->vm_mm = mm; tmp->vm_mm = mm;
tmp->vm_next = NULL; tmp->vm_next = NULL;
file = tmp->vm_file; file = tmp->vm_file;
INIT_LIST_HEAD(&tmp->shared);
if (file) { if (file) {
struct inode *inode = file->f_dentry->d_inode; struct inode *inode = file->f_dentry->d_inode;
get_file(file); get_file(file);
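Review bot: The added `INIT_LIST_HEAD(&tmp->shared)` separates `file = tmp->vm_file;` from the `if (file)` block that consumes it; grouping it with the other per-copy fixups two lines up (`tmp->vm_mm = mm; tmp->vm_next = NULL; INIT_LIST_HEAD(&tmp->shared);`) reads as one "reset what the struct copy carried over" step. The present position is functionally fine as long as it stays ahead of the `if (file)` branch, which presumably links the new vma onto the file's mapping list. `tmp` appears to be a struct copy of the parent's vma made above the hunk, so until this line its `shared` pointers are the parent's; dup_mmap begins outside the hunk.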
......
...@@ -553,6 +553,7 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, ...@@ -553,6 +553,7 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
vma->vm_file = NULL; vma->vm_file = NULL;
vma->vm_private_data = NULL; vma->vm_private_data = NULL;
vma->vm_raend = 0; vma->vm_raend = 0;
INIT_LIST_HEAD(&vma->shared);
if (file) { if (file) {
error = -EINVAL; error = -EINVAL;
...@@ -1052,6 +1053,8 @@ int split_vma(struct mm_struct * mm, struct vm_area_struct * vma, ...@@ -1052,6 +1053,8 @@ int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
/* most fields are the same, copy all, and then fixup */ /* most fields are the same, copy all, and then fixup */
*new = *vma; *new = *vma;
INIT_LIST_HEAD(&new->shared);
if (new_below) { if (new_below) {
new->vm_end = addr; new->vm_end = addr;
vma->vm_start = addr; vma->vm_start = addr;
...@@ -1215,6 +1218,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) ...@@ -1215,6 +1218,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
vma->vm_pgoff = 0; vma->vm_pgoff = 0;
vma->vm_file = NULL; vma->vm_file = NULL;
vma->vm_private_data = NULL; vma->vm_private_data = NULL;
INIT_LIST_HEAD(&vma->shared);
vma_link(mm, vma, prev, rb_link, rb_parent); vma_link(mm, vma, prev, rb_link, rb_parent);
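Review bot: In the split_vma hunk, `*new = *vma;` copies the parent's `shared` list pointers into `new`, so the `INIT_LIST_HEAD(&new->shared)` on the next line has to stay immediately adjacent to the struct copy: anything inserted between them that inspects `new->shared` would see a vma that looks linked into the parent's list while its neighbours know nothing of it. A comment such as `/* the struct copy carried vma's list links; new must start unlinked */` would make that invariant explicit. The same copy-then-reset pattern appears in move_vma in the section below, where the comment applies as well. This hunk's header announces two added lines (`+1053,8`) but only one is rendered here, so the second may be a blank line lost in the rendering; split_vma continues outside the hunk.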
......
...@@ -227,6 +227,7 @@ static inline unsigned long move_vma(struct vm_area_struct * vma, ...@@ -227,6 +227,7 @@ static inline unsigned long move_vma(struct vm_area_struct * vma,
if (!move_page_tables(vma, new_addr, addr, old_len)) { if (!move_page_tables(vma, new_addr, addr, old_len)) {
if (allocated_vma) { if (allocated_vma) {
*new_vma = *vma; *new_vma = *vma;
INIT_LIST_HEAD(&new_vma->shared);
new_vma->vm_start = new_addr; new_vma->vm_start = new_addr;
new_vma->vm_end = new_addr+new_len; new_vma->vm_end = new_addr+new_len;
new_vma->vm_pgoff += (addr - vma->vm_start) >> PAGE_SHIFT; new_vma->vm_pgoff += (addr - vma->vm_start) >> PAGE_SHIFT;
......