From: Dean Roe <roe@sgi.com>
Subject: Prevent NULL pointer deref in grab_swap_token
References: 159260
Patch-mainline: not yet

grab_swap_token() assumes that the current process has an mm struct,
which is not true for kernel threads invoking get_user_pages().  Since
this should be extremely rare, just return from grab_swap_token()
without doing anything.

Signed-off-by: Dean Roe <roe@sgi.com>
Acked-by: mason@suse.de
Acked-by: okir@suse.de


 mm/thrash.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/mm/thrash.c
+++ b/mm/thrash.c
@@ -52,12 +52,15 @@ static struct mem_cgroup *swap_token_mem
 void grab_swap_token(struct mm_struct *mm)
 {
 	int current_interval;
-	unsigned int old_prio = mm->token_priority;
+	unsigned int old_prio;
 	static unsigned int global_faults;
 	static unsigned int last_aging;
 
 	global_faults++;
+	if (mm == NULL)
+		return;
 
+	old_prio = mm->token_priority;
 	current_interval = global_faults - mm->faultstamp;
 
 	if (!spin_trylock(&swap_token_lock))