[patch 2/5] oom: fix possible android low memory killer NULL pointer

From: David Rientjes
Date: Mon May 04 2009 - 12:35:55 EST


get_mm_rss() atomically dereferences the actual without checking for a
NULL pointer, which is possible since task_lock() is not held.

Cc: San Mehat <san@xxxxxxxxxxx>
Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx>
---
drivers/staging/android/lowmemorykiller.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
--- a/drivers/staging/android/lowmemorykiller.c
+++ b/drivers/staging/android/lowmemorykiller.c
@@ -80,12 +80,18 @@ static int lowmem_shrink(int nr_to_scan, gfp_t gfp_mask)
for_each_process(p) {
int oom_adj;

- if (!p->mm)
+ task_lock(p);
+ if (!p->mm) {
+ task_unlock(p);
continue;
+ }
oom_adj = p->oomkilladj;
- if (oom_adj < 0)
+ if (oom_adj < 0) {
+ task_unlock(p);
continue;
+ }
tasksize = get_mm_rss(p->mm);
+ task_unlock(p);
if (nr_to_scan > 0 && tasksize > 0) {
if (!selected || oom_adj > selected_oom_adj ||
(oom_adj == selected_oom_adj &&
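
Review bot: the oom_adj < 0 test reads only p->oomkilladj, which was read without task_lock() before this change and does not depend on p->mm, so it could be done ahead of task_lock(p). That would drop one of the three task_unlock(p) calls and narrow the locked region to the !p->mm check and get_mm_rss(p->mm), which is the pair that actually needs to be atomic. A short comment above task_lock(p) stating that the lock keeps p->mm from becoming NULL between the check and the dereference would also make the reason for the locking clear to later readers.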