[PATCH] MAP_FIXED|MAP_ANON crash fix

An anonymous fixed mmap with CONFIG_HUGETLB_PAGE=y will dereference NULL.  We
recur into the pagefault handler with mmap_sem held and lock up.

diff --git a/mm/mmap.c b/mm/mmap.c
index 7696c40185bdf36ec42745e6bc162de3326bce3c..54565f6cbcbde692a42a0a1892403b47f7cb144c 100644 (file)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -801,7 +801,7 @@ get_unmapped_area(struct file *file, unsigned long addr, unsigned long len,
                        return -ENOMEM;
                if (addr & ~PAGE_MASK)
                        return -EINVAL;
-               if (is_file_hugepages(file)) {
+               if (file && is_file_hugepages(file)) {
                        unsigned long ret;
 
                        ret = is_aligned_hugepage_range(addr, len);