Since find_vma() may return NULL, so don't dereference the
returned 'vma' until it is valid.
The problem is introduced by the commit in linus tree:
6d7825b(mm/fremap.c: fix oops on error path).
Also mark vm_flags as ninitialized_var() to avoid compile
warning.
Cc: Tommi Rantala <[email protected]>
Cc: Michel Lespinasse <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Linus Torvalds <[email protected]>
Signed-off-by: Ming Lei <[email protected]>
---
mm/fremap.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/mm/fremap.c b/mm/fremap.c
index 6a8da7e..80088e9 100644
--- a/mm/fremap.c
+++ b/mm/fremap.c
@@ -129,7 +129,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
struct vm_area_struct *vma;
int err = -EINVAL;
int has_write_lock = 0;
- vm_flags_t vm_flags;
+ vm_flags_t uninitialized_var(vm_flags);
if (prot)
return err;
@@ -163,8 +163,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
* and that the remapped range is valid and fully within
* the single existing vma.
*/
- vm_flags = vma->vm_flags;
- if (!vma || !(vm_flags & VM_SHARED))
+ if (!vma || !(vma->vm_flags & VM_SHARED))
goto out;
if (!vma->vm_ops || !vma->vm_ops->remap_pages)
--
1.7.9.5
On Sat, Mar 16, 2013 at 8:23 AM, Ming Lei <[email protected]> wrote:
> Since find_vma() may return NULL, so don't dereference the
> returned 'vma' until it is valid.
Agree this was an issue. This is fixed with commit a2362d24764a.
--
Michel "Walken" Lespinasse
A program is never fully debugged until the last user dies.
On Sun, Mar 17, 2013 at 12:44 PM, Michel Lespinasse <[email protected]> wrote:
> On Sat, Mar 16, 2013 at 8:23 AM, Ming Lei <[email protected]> wrote:
>> Since find_vma() may return NULL, so don't dereference the
>> returned 'vma' until it is valid.
>
> Agree this was an issue. This is fixed with commit a2362d24764a.
It is fine if the issue has been fixed, but I didn't see the commit a2362d
or other fix on both linus and next tree.
Thanks,
--
Ming Lei