Skip to content

Commit

Permalink
ipc, shm: guard against non-existant vma in shmdt(2)
Browse files Browse the repository at this point in the history 
When !CONFIG_MMU there's a chance we can derefence a NULL pointer when the
VM area isn't found - check the return value of find_vma().

Also, remove the redundant -EINVAL return: retval is set to the proper
return code and *only* changed to 0, when we actually unmap the segments.

Signed-off-by: Davidlohr Bueso <[email protected]>
Cc: Sedat Dilek <[email protected]>
Cc: Rik van Riel <[email protected]>
Cc: Manfred Spraul <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
@torvalds
Davidlohr Bueso authored and torvalds committed Sep 11, 2013
1 parent 05603c4 commit 530fcd1
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions ipc/shm.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1288,8 +1288,7 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
#else /* CONFIG_MMU */
/* under NOMMU conditions, the exact address to be destroyed must be
* given */
retval = -EINVAL;
if (vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) {
if (vma && vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) {
do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start);
retval = 0;
}
Expand Down

0 comments on commit 530fcd1

Please sign in to comment.