mm: check for no mmaps in exit_mmap()

commit dcd4a049b9751828c516c59709f3fdf50436df85 upstream. When dup_mmap() ooms we can end up with mm->mmap == NULL. The error path does mmput() and unmap_vmas() gets a NULL vma which it dereferences. In exit_mmap() there is nothing to do at all for this case, we can cancel the callpath right there. [akpm@linux-foundation.org: add sorely-needed comment] Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Reported-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Reported-by: Kir Kolyshkin <kir@openvz.org> Tested-by: Kir Kolyshkin <kir@openvz.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Johannes Weiner <hannes@cmpxchg.org> 2009-01-06 14:40:31 -0800
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-05-02 10:24:45 -0700
commit: 664b8ee764c295ff3bfd9736094a036dcc0ebda2 (patch)
tree: 1ad84571f84138aa3f8c9c90d7cc62d00b2d041c
parent: 5e7675e9c311b657bd75bcf7038d3d73e9b8e9e8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index ca12a9308436..2ae093ed2cac 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2068,6 +2068,9 @@ void exit_mmap(struct mm_struct *mm)
 	arch_exit_mmap(mm);
 	mmu_notifier_release(mm);
 
+	if (!mm->mmap)	/* Can happen if dup_mmap() received an OOM */
+		return;
+
 	lru_add_drain();
 	flush_cache_mm(mm);
 	tlb = tlb_gather_mmu(mm, 1);
author	Johannes Weiner <hannes@cmpxchg.org>	2009-01-06 14:40:31 -0800
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-05-02 10:24:45 -0700
commit	664b8ee764c295ff3bfd9736094a036dcc0ebda2 (patch)
tree	1ad84571f84138aa3f8c9c90d7cc62d00b2d041c
parent	5e7675e9c311b657bd75bcf7038d3d73e9b8e9e8 (diff)