mm_release() call in exit_mm() looks dangerous

From: Jesper Juhl
Date: Sun Nov 11 2007 - 18:41:12 EST

Next message: Frans Pop: "Re: Bind mount bug?"
Previous message: Jesper Juhl: "[PATCH] Fix problem with size of allocation in libsas"
Next in thread: Jeremy Fitzhardinge: "Re: mm_release() call in exit_mm() looks dangerous"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In kernel/exit.c we have this code :

static void exit_mm(struct task_struct * tsk)
{
struct mm_struct *mm = tsk->mm;

mm_release(tsk, mm);
if (!mm)
return;
...

But, mm_release() may dereference it's second argument ('mm'), so
shouldn't we be doing the "!mm" test *before* we call mm_release() and
not after?
I don't know the mm code well enough to be able to tell if some of the
other stuff mm_release does needs to be done always and the mm
dereference can't actually happen, but maybe someone else who knows
the code better can tell... In any case, what's currently there looks
a little shaky..

--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frans Pop: "Re: Bind mount bug?"
Previous message: Jesper Juhl: "[PATCH] Fix problem with size of allocation in libsas"
Next in thread: Jeremy Fitzhardinge: "Re: mm_release() call in exit_mm() looks dangerous"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]