From: john cooper <john.cooper@third-harmonic.com>
To: aarcange@redhat.com
Cc: Avi Kivity <avi@redhat.com>, kvm@vger.kernel.org, john.cooper@redhat.com
Subject: [PATCH] mm/memory.c:unmap_vmas(): fix NULL * deref
Date: Mon, 23 Mar 2009 14:50:45 -0400
Message-ID: <49C7DA05.8070206@third-harmonic.com>
In-Reply-To: <200903231833.46550.andreas.tanz@kvt.de>
[-- Attachment #1: Type: text/plain, Size: 216 bytes --]
This cropped up in stress testing of a backport
of the mmu notifier mechanism, however it still
exists in 2.6.28.8 as well. Patch attached.
Signed-off-by: john.cooper@redhat.com
--
john.cooper@third-harmonic.com
[-- Attachment #2: mmu_notifier_unmap_vmas.patch --]
[-- Type: text/x-patch, Size: 976 bytes --]
mm/memory.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
=================================================================
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -899,9 +899,10 @@ unsigned long unmap_vmas(struct mmu_gath
unsigned long start = start_addr;
spinlock_t *i_mmap_lock = details? details->i_mmap_lock: NULL;
int fullmm = (*tlbp)->fullmm;
- struct mm_struct *mm = vma->vm_mm;
+ struct mm_struct *mm = vma ? vma->vm_mm : NULL;
- mmu_notifier_invalidate_range_start(mm, start_addr, end_addr);
+ if (mm)
+ mmu_notifier_invalidate_range_start(mm, start_addr, end_addr);
for ( ; vma && vma->vm_start < end_addr; vma = vma->vm_next) {
unsigned long end;
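Review bot: the new `vma ? vma->vm_mm : NULL` initializer makes the function tolerate a NULL vma, but neither the code nor the commit message says which caller passes one or why that is legitimate. The loop condition `vma && vma->vm_start < end_addr` already does nothing for a NULL vma, so consider a comment at the `mm` declaration stating when vma can be NULL, or an explicit early exit for that case ahead of the notifier call, so the intent is not encoded only in the `if (mm)` test. If a NULL vma is really a caller bug, it would be better fixed in the caller.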
@@ -966,7 +967,8 @@ unsigned long unmap_vmas(struct mmu_gath
}
}
out:
- mmu_notifier_invalidate_range_end(mm, start_addr, end_addr);
+ if (mm)
+ mmu_notifier_invalidate_range_end(mm, start_addr, end_addr);
return start; /* which is now the end (or restart) address */
}
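Review bot: the `if (mm)` guard at `out:` is correct only because `mm` is captured once at entry; by this point the loop may have advanced `vma` to NULL through `vma = vma->vm_next`, so testing `vma` here instead would skip the end notification after a start had already been issued. A one-line comment noting that this test mirrors the one before `mmu_notifier_invalidate_range_start()` would keep the start/end pair balanced if the function is refactored later.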