[PATCH mm-unstable 0/2] mm/mmap: fix crashes in dup_mmap() error path

Hui Zhu posted 2 patches 1 month, 1 week ago
mm/mmap.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
Posted by Hui Zhu 1 month, 1 week ago
From: Hui Zhu <zhuhui@kylinos.cn>

This series fixes two potential kernel panics in the dup_mmap() error
path triggered during fork failures:
- Fix Use-After-Free: Moves vma_iter_free() to the end of the cleanup
  block to ensure the iterator remains valid during rollback.
- Fix NULL Dereference: Adds a check for vma_next() results to prevent
  crashing when the maple tree is empty.

Hui Zhu (2):
  mm/mmap: fix Use-After-Free of vma_iterator in dup_mmap() error path
  mm/mmap: fix NULL pointer dereference in dup_mmap() error handling

 mm/mmap.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

-- 
2.43.0