Commit 6d7825b1 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

mm/fremap.c: fix oops on error path

If find_vma() fails, sys_remap_file_pages() will dereference `vma', which
contains NULL.  Fix it by checking the pointer.

(We could alternatively check for err==0, but this seems more direct)

(The vm_flags change is to squish a bogus used-uninitialised warning
without adding extra code).
Reported-by: default avatarTommi Rantala <tt.rantala@gmail.com>
Cc: Michel Lespinasse <walken@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent c8615d37
...@@ -163,7 +163,8 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, ...@@ -163,7 +163,8 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
* and that the remapped range is valid and fully within * and that the remapped range is valid and fully within
* the single existing vma. * the single existing vma.
*/ */
if (!vma || !(vma->vm_flags & VM_SHARED)) vm_flags = vma->vm_flags;
if (!vma || !(vm_flags & VM_SHARED))
goto out; goto out;
if (!vma->vm_ops || !vma->vm_ops->remap_pages) if (!vma->vm_ops || !vma->vm_ops->remap_pages)
...@@ -254,7 +255,8 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, ...@@ -254,7 +255,8 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
*/ */
out: out:
vm_flags = vma->vm_flags; if (vma)
vm_flags = vma->vm_flags;
if (likely(!has_write_lock)) if (likely(!has_write_lock))
up_read(&mm->mmap_sem); up_read(&mm->mmap_sem);
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment