[PATCH] Fix for 32-bit execve() error path

From: David Gibson <david@gibson.dropbear.id.au>

The patch below fixes a bug in ppc64's 32-bit execve() path.  It duplicates
logic already in the normal fs/exec.c do_execve() to avoid dropping a NULL
mm.  The bprm.mm becomes NULL once the exec passes the "point of no
return".  Without this patch a failure past that point (e.g.  mmap()
failure) will cause an oops, with it just a killed process.

diff --git a/arch/ppc64/kernel/sys_ppc32.c b/arch/ppc64/kernel/sys_ppc32.c
index 239e00422203eddd3d360bd8db12f8ad83a004ba..7d7e88304be8f50f248e95fc6e0fdcfa9c9e2629 100644 (file)
--- a/arch/ppc64/kernel/sys_ppc32.c
+++ b/arch/ppc64/kernel/sys_ppc32.c
@@ -2084,7 +2084,8 @@ out:
                security_bprm_free(&bprm);
 
 out_mm:
-       mmdrop(bprm.mm);
+       if (bprm.mm)
+               mmdrop(bprm.mm);
 
 out_file:
        if (bprm.file) {