Commit e1e71f9b authored by Andrew Morton, committed by Linus Torvalds

[PATCH] numa api: fix end of memory handling in mbind

From: Andi Kleen <ak@suse.de>

This fixes a user-triggerable crash in mbind() in the NUMA API.  It would oops
when running into the end of memory.  Actually not really oops, because an
oops with the mm sem held for writing always deadlocks.
parent e8a2ef16
......@@ -271,7 +271,7 @@ check_range(struct mm_struct *mm, unsigned long start, unsigned long end,
if (!first)
return ERR_PTR(-EFAULT);
prev = NULL;
for (vma = first; vma->vm_start < end; vma = vma->vm_next) {
for (vma = first; vma && vma->vm_start < end; vma = vma->vm_next) {
if (!vma->vm_next && vma->vm_end < end)
return ERR_PTR(-EFAULT);
if (prev && prev->vm_end < vma->vm_start)
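Review bot: The added `vma &&` test in the check_range() loop header needs a short comment, because the in-loop check `if (!vma->vm_next && vma->vm_end < end)` only rejects a range that runs past the last VMA. When the last VMA reaches or covers `end`, that check passes, `vma = vma->vm_next` yields NULL, and the loop condition becomes the only thing that stops `vma->vm_start` from being read through a NULL pointer. Please also confirm that the code following the loop, which this hunk does not show, never dereferences `vma` now that it can legitimately be NULL on exit.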
......@@ -317,7 +317,7 @@ static int mbind_range(struct vm_area_struct *vma, unsigned long start,
int err;
err = 0;
for (; vma->vm_start < end; vma = next) {
for (; vma && vma->vm_start < end; vma = next) {
next = vma->vm_next;
if (vma->vm_start < start)
err = split_vma(vma->vm_mm, vma, start, 1);
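Review bot: In the mbind_range() loop header, `vma` is reloaded from `next = vma->vm_next`, which is NULL after the last VMA, so the added `vma &&` test is the real termination condition for any range that ends in the final mapping; a one-line comment saying so would keep a later cleanup from dropping it as redundant. Since the commit message describes this as user triggerable, a regression test that calls mbind() on a range running to the end of the VMA list would be a worthwhile companion to the fix.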
......