From 5d14a573a4da521d4ed7acd0c7d8a975887b2dd2 Mon Sep 17 00:00:00 2001
From: David Rientjes
Date: Mon, 11 May 2009 15:45:14 -0700
Subject: [PATCH] Staging: android: lowmemorykiller: fix possible android low memory killer NULL pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

get_mm_rss() atomically dereferences the actual without checking for a NULL pointer, which is possible since task_lock() is not held.

Cc: San Mehat
Cc: Arve Hjønnevåg
Signed-off-by: David Rientjes
Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/android/lowmemorykiller.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
index f61333b..cba3b91 100644
--- a/drivers/staging/android/lowmemorykiller.c
+++ b/drivers/staging/android/lowmemorykiller.c
@@ -92,12 +92,18 @@ static int lowmem_shrink(int nr_to_scan, gfp_t gfp_mask)
 for_each_process(p) {
 int oom_adj;
 
- if (!p->mm)
+ task_lock(p);
+ if (!p->mm) {
+ task_unlock(p);
 continue;
+ }
 oom_adj = p->oomkilladj;
- if (oom_adj < min_adj)
+ if (oom_adj < min_adj) {
+ task_unlock(p);
 continue;
+ }
 tasksize = get_mm_rss(p->mm);
+ task_unlock(p);
 if (tasksize <= 0)
 continue;
 if (selected) {
-- 
2.7.4
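Review bot: The lock taken at the top of the `for_each_process(p)` body is now released on three separate paths (both `continue` branches and after `get_mm_rss()`), so any early exit added later between `task_lock(p)` and the final `task_unlock(p)` would leave the task lock held. Sampling `p->mm`, `p->oomkilladj` and the RSS into locals under a single lock/unlock pair and filtering afterwards keeps the critical section straight-line; this needs one new local and calls `get_mm_rss()` for tasks that are then skipped on `oom_adj`, which looks harmless. A short comment stating why `p->mm` has to be read under `task_lock()` would also keep a later cleanup from dropping the lock again. The loop body and `lowmem_shrink()` continue outside the hunk, so whether `p` itself stays valid once the task lock is dropped depends on locking that is not visible here.

```c
		int oom_adj;
		struct mm_struct *mm;

		/* p->mm may become NULL concurrently; sample it only under task_lock() */
		task_lock(p);
		mm = p->mm;
		oom_adj = p->oomkilladj;
		tasksize = mm ? get_mm_rss(mm) : 0;
		task_unlock(p);
		if (!mm || oom_adj < min_adj)
			continue;
		/* … unchanged: tasksize <= 0 check and selection logic … */
```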