From 48ec782ce3e59d6ab14a8c1197c19826e61ac8e5 Mon Sep 17 00:00:00 2001 From: Davidlohr Bueso Date: Wed, 11 Sep 2013 14:26:28 -0700 Subject: [PATCH] ipc, shm: guard against non-existant vma in shmdt(2) commit 530fcd16d87cd2417c472a581ba5a1e501556c86 upstream. When !CONFIG_MMU there's a chance we can derefence a NULL pointer when the VM area isn't found - check the return value of find_vma(). Also, remove the redundant -EINVAL return: retval is set to the proper return code and *only* changed to 0, when we actually unmap the segments. Signed-off-by: Davidlohr Bueso Cc: Sedat Dilek Cc: Rik van Riel Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Cc: Mike Galbraith Signed-off-by: Greg Kroah-Hartman --- ipc/shm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ipc/shm.c b/ipc/shm.c index 92d41e0b82e9..aa053a245759 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -1288,8 +1288,7 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr) #else /* CONFIG_MMU */ /* under NOMMU conditions, the exact address to be destroyed must be * given */ - retval = -EINVAL; - if (vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) { + if (vma && vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) { do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start); retval = 0; } -- 2.34.1