proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020

[linux-flexiantxendom0-natty.git] / fs / proc / task_mmu.c

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 3fe21d5..7f5e572 100644 (file)
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -119,11 +119,11 @@ static void *m_start(struct seq_file *m, loff_t *pos)
 
        priv->task = get_pid_task(priv->pid, PIDTYPE_PID);
        if (!priv->task)
-               return NULL;
+               return ERR_PTR(-ESRCH);
 
        mm = mm_for_maps(priv->task);
-       if (!mm)
-               return NULL;
+       if (!mm || IS_ERR(mm))
+               return mm;
        down_read(&mm->mmap_sem);
 
        tail_vma = get_gate_vma(priv->task);
@@ -180,7 +180,8 @@ static void m_stop(struct seq_file *m, void *v)
        struct proc_maps_private *priv = m->private;
        struct vm_area_struct *vma = v;
 
-       vma_stop(priv, vma);
+       if (!IS_ERR(vma))
+               vma_stop(priv, vma);
        if (priv->task)
                put_task_struct(priv->task);
 }
@@ -730,9 +731,9 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
        if (!task)
                goto out;
 
-       ret = -EACCES;
        mm = mm_for_maps(task);
-       if (!mm)
+       ret = PTR_ERR(mm);
+       if (!mm || IS_ERR(mm))
                goto out_task;
 
        ret = -EINVAL;