From: Dean Roe <roe@sgi.com>
Subject: Prevent NULL pointer deref in grab_swap_token
References: 159260
Patch-mainline: not yet
grab_swap_token() assumes that the current process has an mm struct,
which is not true for kernel threads invoking get_user_pages(). Since
this should be extremely rare, just return from grab_swap_token()
without doing anything.
Signed-off-by: Dean Roe <roe@sgi.com>
Acked-by: mason@suse.de
Acked-by: okir@suse.de
mm/thrash.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/mm/thrash.c
+++ b/mm/thrash.c
@@ -52,12 +52,15 @@ static struct mem_cgroup *swap_token_mem
void grab_swap_token(struct mm_struct *mm)
{
int current_interval;
- unsigned int old_prio = mm->token_priority;
+ unsigned int old_prio;
static unsigned int global_faults;
static unsigned int last_aging;
global_faults++;
+ if (mm == NULL)
+ return;
+ old_prio = mm->token_priority;
current_interval = global_faults - mm->faultstamp;
if (!spin_trylock(&swap_token_lock))