[PATCH mm-unstable 0/2] mm/mmap: fix crashes in dup_mmap() error path

Next message: Hui Zhu: "[PATCH mm-unstable 1/2] mm/mmap: fix Use-After-Free of vma_iterator in dup_mmap() error path"
Previous message: Jason Wang: "Re: [PATCH v4 2/2] vduse: Fix race in vduse_dev_msg_sync and vduse_dev_read_iter"
Next in thread: Hui Zhu: "[PATCH mm-unstable 1/2] mm/mmap: fix Use-After-Free of vma_iterator in dup_mmap() error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hui Zhu

Date: Wed Mar 04 2026 - 02:01:43 EST

From: Hui Zhu <zhuhui@xxxxxxxxxx>

This series fixes two potential kernel panics in the dup_mmap() error
path triggered during fork failures:
Fix Use-After-Free: Moves vma_iter_free() to the end of the cleanup
block to ensure the iterator remains valid during rollback.
Fix NULL Dereference: Adds a check for vma_next() results to prevent
crashing when the maple tree is empty.

Hui Zhu (2):
mm/mmap: fix Use-After-Free of vma_iterator in dup_mmap() error path
mm/mmap: fix NULL pointer dereference in dup_mmap() error handling

mm/mmap.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)

--
2.43.0