diff options
author | Johannes Weiner <hannes@cmpxchg.org> | 2009-01-06 14:40:31 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-05-02 10:24:45 -0700 |
commit | 664b8ee764c295ff3bfd9736094a036dcc0ebda2 (patch) | |
tree | 1ad84571f84138aa3f8c9c90d7cc62d00b2d041c | |
parent | 5e7675e9c311b657bd75bcf7038d3d73e9b8e9e8 (diff) |
mm: check for no mmaps in exit_mmap()
commit dcd4a049b9751828c516c59709f3fdf50436df85 upstream.
When dup_mmap() ooms we can end up with mm->mmap == NULL. The error
path does mmput() and unmap_vmas() gets a NULL vma which it
dereferences.
In exit_mmap() there is nothing to do at all for this case, we can
cancel the callpath right there.
[akpm@linux-foundation.org: add sorely-needed comment]
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Kir Kolyshkin <kir@openvz.org>
Tested-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | mm/mmap.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c index ca12a930843..2ae093ed2ca 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2068,6 +2068,9 @@ void exit_mmap(struct mm_struct *mm) arch_exit_mmap(mm); mmu_notifier_release(mm); + if (!mm->mmap) /* Can happen if dup_mmap() received an OOM */ + return; + lru_add_drain(); flush_cache_mm(mm); tlb = tlb_gather_mmu(mm, 1); |