From: Johannes Weiner Date: Tue, 6 Jan 2009 22:40:31 +0000 (-0800) Subject: mm: check for no mmaps in exit_mmap() X-Git-Tag: v2.6.29-rc1~395 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=dcd4a049b9751828c516c59709f3fdf50436df85;p=linux-2.6-omap-h63xx.git mm: check for no mmaps in exit_mmap() When dup_mmap() ooms we can end up with mm->mmap == NULL. The error path does mmput() and unmap_vmas() gets a NULL vma which it dereferences. In exit_mmap() there is nothing to do at all for this case, we can cancel the callpath right there. [akpm@linux-foundation.org: add sorely-needed comment] Signed-off-by: Johannes Weiner Reported-by: Akinobu Mita Cc: Nick Piggin Cc: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/mm/mmap.c b/mm/mmap.c index 1f97d8aa9b0..a910c045cfd 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2090,6 +2090,9 @@ void exit_mmap(struct mm_struct *mm) arch_exit_mmap(mm); mmu_notifier_release(mm); + if (!mm->mmap) /* Can happen if dup_mmap() received an OOM */ + return; + if (mm->locked_vm) { vma = mm->mmap; while (vma) {