From: Kylene Jo Hall
There is a NULL pointer dereference possible that was introduced in the last round of modifications to the demotion code before merging. current->mm should be checked for existence before it is dereferenced to check the value of the mm_users field. This patch fixes all instances of this bug.
Signed-off-by: Kylene Hall
Signed-off-by: Andrew Morton
---
 security/slim/slm_main.c | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
diff -puN security/slim/slm_main.c~slim-main-patch-fix-bug-with-mm_users-usage security/slim/slm_main.c
--- a/security/slim/slm_main.c~slim-main-patch-fix-bug-with-mm_users-usage
+++ a/security/slim/slm_main.c
@@ -481,7 +481,7 @@ static int enforce_integrity_read(struct
 spin_lock(&cur_tsec->lock);
 if (!is_iac_less_than_or_exempt(level, cur_tsec->iac_r)) {
 rc = has_file_wperm(level);
- if (atomic_read(¤t->mm->mm_users) != 1)
+ if (current->mm && atomic_read(¤t->mm->mm_users) != 1)
 rc = 1;
 if (rc)
 spin_unlock(&cur_tsec->lock);
@@ -939,7 +939,7 @@ int slm_socket_create(int family, int ty
 memset(&level, 0, sizeof(struct slm_file_xattr));
 level.iac_level = SLM_IAC_UNTRUSTED;
 rc = has_file_wperm(&level);
- if (atomic_read(¤t->mm->mm_users) != 1)
+ if (current->mm && atomic_read(¤t->mm->mm_users) != 1)
 rc = 1;
 if (rc) {
 spin_unlock(&cur_tsec->lock);
@@ -1094,7 +1094,7 @@ static int enforce_integrity_execute(str
 cur_tsec->iac_r = cur_tsec->iac_wx;
 else {
 rc = has_file_wperm(level);
- if (atomic_read(¤t->mm->mm_users) != 1)
+ if (current->mm && atomic_read(¤t->mm->mm_users) != 1)
 rc = 1;
 if (rc)
 spin_unlock(&cur_tsec->lock);
_
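Review bot: The mm_users test is open-coded at three sites (the enforce_integrity_read hunk, and again in the slm_socket_create and enforce_integrity_execute hunks), which is why the missing NULL check had to be patched three times. A single helper, for example `static inline int slm_mm_shared(void) { return current->mm && atomic_read(&current->mm->mm_users) != 1; }`, called as `if (slm_mm_shared()) rc = 1;`, would keep the sites from diverging again. With the new guard, a task whose `current->mm` is NULL skips the shared-address-space test and keeps whatever has_file_wperm() returned; if that is the intended policy for tasks without an mm, a comment such as `/* no mm: no user address space another task could share */` should say so at the check. All three enclosing functions start and end outside the hunks, so what a non-zero rc leads to beyond the visible spin_unlock() cannot be confirmed from here.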