Commit 65b7ee8a authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] Fix for 32-bit execve() error path

From: David Gibson <david@gibson.dropbear.id.au>

The patch below fixes a bug in ppc64's 32-bit execve() path.  It duplicates
logic already in the normal fs/exec.c do_execve() to avoid dropping a NULL
mm.  The bprm.mm becomes NULL once the exec passes the "point of no
return".  Without this patch a failure past that point (e.g.  mmap()
failure) will cause an oops, with it just a killed process.
parent d050b394
...@@ -2084,7 +2084,8 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * ...@@ -2084,7 +2084,8 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs *
security_bprm_free(&bprm); security_bprm_free(&bprm);
out_mm: out_mm:
mmdrop(bprm.mm); if (bprm.mm)
mmdrop(bprm.mm);
out_file: out_file:
if (bprm.file) { if (bprm.file) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment