From: David Rientjes <rientjes@google.com>
Date: Mon, 11 May 2009 22:45:14 +0000 (-0700)
Subject: Staging: android: lowmemorykiller: fix possible android low memory killer NULL pointer
X-Git-Tag: v2.6.31-rc1~105^2~64
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5d14a573a4da521d4ed7acd0c7d8a975887b2dd2;p=profile%2Fivi%2Fkernel-adaptation-intel-automotive.git

Staging: android: lowmemorykiller: fix possible android low memory killer NULL pointer

get_mm_rss() atomically dereferences the actual without checking for a
NULL pointer, which is possible since task_lock() is not held.

Cc: San Mehat <san@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
index f61333b..cba3b91 100644
--- a/drivers/staging/android/lowmemorykiller.c
+++ b/drivers/staging/android/lowmemorykiller.c
@@ -92,12 +92,18 @@ static int lowmem_shrink(int nr_to_scan, gfp_t gfp_mask)
 	for_each_process(p) {
 		int oom_adj;
 
-		if (!p->mm)
+		task_lock(p);
+		if (!p->mm) {
+			task_unlock(p);
 			continue;
+		}
 		oom_adj = p->oomkilladj;
-		if (oom_adj < min_adj)
+		if (oom_adj < min_adj) {
+			task_unlock(p);
 			continue;
+		}
 		tasksize = get_mm_rss(p->mm);
+		task_unlock(p);
 		if (tasksize <= 0)
 			continue;
 		if (selected) {