diff options
author | David Rientjes <rientjes@google.com> | 2009-05-11 15:45:14 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-06-19 11:00:52 -0700 |
commit | 5d14a573a4da521d4ed7acd0c7d8a975887b2dd2 (patch) | |
tree | f7921727977b3474e6cbd04f58f990c4b2054971 /drivers | |
parent | 34006e11ee406daa98aaf685d2de80c70e68decf (diff) |
Staging: android: lowmemorykiller: fix possible android low memory killer NULL pointer
get_mm_rss() atomically dereferences the actual without checking for a
NULL pointer, which is possible since task_lock() is not held.
Cc: San Mehat <san@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/staging/android/lowmemorykiller.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c index f61333b9602..cba3b91d728 100644 --- a/drivers/staging/android/lowmemorykiller.c +++ b/drivers/staging/android/lowmemorykiller.c @@ -92,12 +92,18 @@ static int lowmem_shrink(int nr_to_scan, gfp_t gfp_mask) for_each_process(p) { int oom_adj; - if (!p->mm) + task_lock(p); + if (!p->mm) { + task_unlock(p); continue; + } oom_adj = p->oomkilladj; - if (oom_adj < min_adj) + if (oom_adj < min_adj) { + task_unlock(p); continue; + } tasksize = get_mm_rss(p->mm); + task_unlock(p); if (tasksize <= 0) continue; if (selected) { |