Commit 3268c63eded4612a3d07b56d1e02ce7731e6608e introduced two potential NULL dereferences.
Move the mmput calls into the if arms that have already tested for a valid mm.
Reported-by: Robert Święcki <robert@xxxxxxxxxxx>
Cc: Christoph Lameter <cl@xxxxxxxxx>
Signed-off-by: Dave Jones <davej@xxxxxxxxxx>
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index cfb6c86..6de4850 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1361,13 +1361,12 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
mm = get_task_mm(task);
put_task_struct(task);
- if (mm)
+ if (mm) {
err = do_migrate_pages(mm, old, new,
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
- else
+ mmput(mm);
+ } else
err = -EINVAL;
-
- mmput(mm);
out:
NODEMASK_SCRATCH_FREE(scratch);
diff --git a/mm/migrate.c b/mm/migrate.c
index 51c08a0..d73d860 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1389,15 +1389,15 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
put_task_struct(task);
if (mm) {
- if (nodes)
+ if (nodes) {
err = do_pages_move(mm, task_nodes, nr_pages, pages,
nodes, status, flags);
- else
+ mmput(mm);
+ } else
err = do_pages_stat(mm, nr_pages, pages, status);
} else
err = -EINVAL;
- mmput(mm);
return err;
out:
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>