Revision 89a8640279f8bb78aaf778d1fc5c4a6778f18064 authored by David Howells on 30 October 2009, 13:13:26 UTC, committed by Linus Torvalds on 31 October 2009, 19:11:37 UTC
Don't pass NULL pointers to fput() in the error handling paths of the NOMMU
do_mmap_pgoff() as it can't handle it.
The following can be used as a test program:
int main() { static long long a[1024 * 1024 * 20] = { 0 }; return a;}
Without the patch, the code oopses in atomic_long_dec_and_test() as called by
fput() after the kernel complains that it can't allocate that big a chunk of
memory. With the patch, the kernel just complains about the allocation size
and then the program segfaults during execve() as execve() can't complete the
allocation of all the new ELF program segments.
Reported-by: Robin Getz <rgetz@blackfin.uclinux.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Robin Getz <rgetz@blackfin.uclinux.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 2e2ec95
dontdiff
*.a
*.aux
*.bin
*.cpio
*.csp
*.dsp
*.dvi
*.elf
*.eps
*.fw
*.gen.S
*.gif
*.grep
*.grp
*.gz
*.html
*.i
*.jpeg
*.ko
*.log
*.lst
*.moc
*.mod.c
*.o
*.o.*
*.orig
*.out
*.pdf
*.png
*.ps
*.rej
*.s
*.sgml
*.so
*.so.dbg
*.symtypes
*.tab.c
*.tab.h
*.tex
*.ver
*.xml
*_MODULES
*_vga16.c
*~
*.9
*.9.gz
.*
.mm
53c700_d.h
CVS
ChangeSet
Image
Kerntypes
Module.markers
Module.symvers
PENDING
SCCS
System.map*
TAGS
aic7*reg.h*
aic7*reg_print.c*
aic7*seq.h*
aicasm
aicdb.h*
asm-offsets.h
asm_offsets.h
autoconf.h*
bbootsect
bin2c
binkernel.spec
binoffset
bootsect
bounds.h
bsetup
btfixupprep
build
bvmlinux
bzImage*
classlist.h*
comp*.log
compile.h*
conf
config
config-*
config_data.h*
config_data.gz*
conmakehash
consolemap_deftbl.c*
cpustr.h
crc32table.h*
cscope.*
defkeymap.c
devlist.h*
docproc
elf2ecoff
elfconfig.h*
fixdep
fore200e_mkfirm
fore200e_pca_fw.c*
gconf
gen-devlist
gen_crc32table
gen_init_cpio
genksyms
*_gray256.c
ihex2fw
ikconfig.h*
initramfs_data.cpio
initramfs_data.cpio.gz
initramfs_list
kallsyms
kconfig
keywords.c
ksym.c*
ksym.h*
kxgettext
lkc_defs.h
lex.c
lex.*.c
logo_*.c
logo_*_clut224.c
logo_*_mono.c
lxdialog
mach-types
mach-types.h
machtypes.h
map
maui_boot.h
mconf
miboot*
mk_elfconfig
mkboot
mkbugboot
mkcpustr
mkdep
mkprep
mktables
mktree
modpost
modules.order
modversions.h*
ncscope.*
offset.h
offsets.h
oui.c*
parse.c
parse.h
patches*
pca200e.bin
pca200e_ecd.bin2
piggy.gz
piggyback
pnmtologo
ppc_defs.h*
pss_boot.h
qconf
raid6altivec*.c
raid6int*.c
raid6tables.c
relocs
series
setup
setup.bin
setup.elf
sImage
sm_tbl*
split-include
syscalltab.h
tags
tftpboot.img
timeconst.h
times.h*
trix_boot.h
utsrelease.h*
vdso-syms.lds
vdso.lds
vdso32-int80-syms.lds
vdso32-syms.lds
vdso32-syscall-syms.lds
vdso32-sysenter-syms.lds
vdso32.lds
vdso32.so.dbg
vdso64.lds
vdso64.so.dbg
version.h*
vmlinux
vmlinux-*
vmlinux.aout
vmlinux.lds
vsyscall.lds
vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
wakeup.bin
wakeup.elf
wakeup.lds
zImage*
zconf.hash.c
Computing file changes ...
