Jonathan Corbet | 9 Nov 23:00 2006
Picon

[PATCH] Prevent an oops in vmalloc_user()

Prevent an oops in vmalloc_user()

If an attempt to allocate memory with vmalloc_user() fails, the result
will be an oops when it tries to tweak the flags in the (non-existent)
VMA.  One could argue that __find_vm_area() should not return a random
pointer on failure, but vmalloc_user() requires a check regardless.

Signed-off-by: Jonathan Corbet <corbet <at> lwn.net>

--- 2.6.19-rc5/mm/vmalloc.c.orig	2006-11-09 13:51:38.000000000 -0700
+++ 2.6.19-rc5/mm/vmalloc.c	2006-11-09 13:52:10.000000000 -0700
 <at>  <at>  -532,10 +532,12  <at>  <at>  void *vmalloc_user(unsigned long size)
 	void *ret;

 	ret = __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL);
-	write_lock(&vmlist_lock);
-	area = __find_vm_area(ret);
-	area->flags |= VM_USERMAP;
-	write_unlock(&vmlist_lock);
+	if (ret) {
+		write_lock(&vmlist_lock);
+		area = __find_vm_area(ret);
+		area->flags |= VM_USERMAP;
+		write_unlock(&vmlist_lock);
+	}

 	return ret;
 }

Gmane