proc: fix oops on invalid /proc/<pid>/maps access
authorLinus Torvalds <torvalds@linux-foundation.org>
Mon, 28 Mar 2011 02:09:29 +0000 (19:09 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 28 Mar 2011 02:09:29 +0000 (19:09 -0700)
When m_start returns an error, the seq_file logic will still call m_stop
with that error entry, so we'd better make sure that we check it before
using it as a vma.

Introduced by commit ec6fd8a4355c ("report errors in /proc/*/*map*
sanely"), which replaced NULL with various ERR_PTR() cases.

(On ia64, you happen to get a unaligned fault instead of a page fault,
since the address used is generally some random error code like -EPERM)

Reported-by: Anca Emanuel <anca.emanuel@gmail.com>
Reported-by: Tony Luck <tony.luck@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Américo Wang <xiyou.wangcong@gmail.com>
Cc: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/proc/task_mmu.c

index 7c708a418acc38412f4a4d77626be3dc4b39e03f..2e7addfd9803559ca03a2527aaab161006e3b482 100644 (file)
@@ -182,7 +182,8 @@ static void m_stop(struct seq_file *m, void *v)
        struct proc_maps_private *priv = m->private;
        struct vm_area_struct *vma = v;
 
-       vma_stop(priv, vma);
+       if (!IS_ERR(vma))
+               vma_stop(priv, vma);
        if (priv->task)
                put_task_struct(priv->task);
 }