linux-kernel.vger.kernel.org archive mirror
* [PATCH] mm/fremap.c: fix another oops on error path
@ 2013-03-16 15:23 Ming Lei
  2013-03-17  4:44 ` Michel Lespinasse
  0 siblings, 1 reply; 3+ messages in thread
From: Ming Lei @ 2013-03-16 15:23 UTC
  To: Andrew Morton, linux-kernel
  Cc: Ming Lei, Tommi Rantala, Michel Lespinasse, Linus Torvalds

Since find_vma() may return NULL, don't dereference the
returned 'vma' until it is valid.

The problem was introduced by this commit in Linus' tree:

 6d7825b(mm/fremap.c: fix oops on error path).

Also mark vm_flags as uninitialized_var() to avoid a compile
warning.

Cc: Tommi Rantala <tt.rantala@gmail.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
---
 mm/fremap.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/mm/fremap.c b/mm/fremap.c
index 6a8da7e..80088e9 100644
--- a/mm/fremap.c
+++ b/mm/fremap.c
@@ -129,7 +129,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
 	struct vm_area_struct *vma;
 	int err = -EINVAL;
 	int has_write_lock = 0;
-	vm_flags_t vm_flags;
+	vm_flags_t uninitialized_var(vm_flags);
 
 	if (prot)
 		return err;
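Review bot: the uninitialized_var(vm_flags) annotation at the declaration hides the compiler warning instead of removing its cause. The second hunk deletes the only assignment to vm_flags visible in this patch, so after the change nothing shown here gives the variable a value, and the annotation would also silence a warning about a genuinely uninitialized read added later. Prefer either an explicit initializer (vm_flags_t vm_flags = 0;) or keeping the assignment and moving it below the NULL check, and say in the commit message which code path triggers the warning.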
@@ -163,8 +163,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
 	 * and that the remapped range is valid and fully within
 	 * the single existing vma.
 	 */
-	vm_flags = vma->vm_flags;
-	if (!vma || !(vm_flags & VM_SHARED))
+	if (!vma || !(vma->vm_flags & VM_SHARED))
 		goto out;
 
 	if (!vma->vm_ops || !vma->vm_ops->remap_pages)
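Review bot: the NULL check is now ordered correctly, but the snapshot "vm_flags = vma->vm_flags;" is dropped rather than moved. Since the declaration is kept in the first hunk, the variable is presumably still read further down in the function, outside these hunks, and that reader now depends on an assignment this patch does not show. Re-adding "vm_flags = vma->vm_flags;" immediately after the "goto out;" keeps the dereference behind the !vma test, gives later users a defined value, and makes the uninitialized_var() change unnecessary. The commit message would also be easier to follow up on if it cited the offending commit with a longer hash than 6d7825b.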
-- 
1.7.9.5



* Re: [PATCH] mm/fremap.c: fix another oops on error path
  2013-03-16 15:23 [PATCH] mm/fremap.c: fix another oops on error path Ming Lei
@ 2013-03-17  4:44 ` Michel Lespinasse
  2013-03-17  8:51   ` Ming Lei
  0 siblings, 1 reply; 3+ messages in thread
From: Michel Lespinasse @ 2013-03-17  4:44 UTC
  To: Ming Lei; +Cc: Andrew Morton, linux-kernel, Tommi Rantala, Linus Torvalds

On Sat, Mar 16, 2013 at 8:23 AM, Ming Lei <tom.leiming@gmail.com> wrote:
> Since find_vma() may return NULL, don't dereference the
> returned 'vma' until it is valid.

Agree this was an issue. This is fixed with commit a2362d24764a.

-- 
Michel "Walken" Lespinasse
A program is never fully debugged until the last user dies.


* Re: [PATCH] mm/fremap.c: fix another oops on error path
  2013-03-17  4:44 ` Michel Lespinasse
@ 2013-03-17  8:51   ` Ming Lei
  0 siblings, 0 replies; 3+ messages in thread
From: Ming Lei @ 2013-03-17  8:51 UTC
  To: Michel Lespinasse
  Cc: Andrew Morton, linux-kernel, Tommi Rantala, Linus Torvalds

On Sun, Mar 17, 2013 at 12:44 PM, Michel Lespinasse <walken@google.com> wrote:
> On Sat, Mar 16, 2013 at 8:23 AM, Ming Lei <tom.leiming@gmail.com> wrote:
>> Since find_vma() may return NULL, don't dereference the
>> returned 'vma' until it is valid.
>
> Agree this was an issue. This is fixed with commit a2362d24764a.

It is fine if the issue has been fixed, but I didn't see commit a2362d
or any other fix in either the linus or next tree.


Thanks,
-- 
Ming Lei
