diff options
author | Andrea Arcangeli <aarcange@redhat.com> | 2010-04-23 13:17:39 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-04-24 14:31:24 -0400 |
commit | 93d5c9be1ddd57d4063ce463c9ac2be1e5ee14f1 (patch) | |
tree | 65455c40ec8c701789d8f16b825e5c290633c910 | |
parent | cac36f707119b792b2396aed371d6b5cdc194890 (diff) |
memcg: fix prepare migration
If a signal is pending (task being killed by sigkill)
__mem_cgroup_try_charge will write NULL into &mem, and css_put will oops
on null pointer dereference.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffff810fc6cc>] mem_cgroup_prepare_migration+0x7c/0xc0
PGD a5d89067 PUD a5d8a067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/platform/microcode/firmware/microcode/loading
CPU 0
Modules linked in: nfs lockd nfs_acl auth_rpcgss sunrpc acpi_cpufreq pcspkr sg [last unloaded: microcode]
Pid: 5299, comm: largepages Tainted: G W 2.6.34-rc3 #3 Penryn1600SLI-110dB/To Be Filled By O.E.M.
RIP: 0010:[<ffffffff810fc6cc>] [<ffffffff810fc6cc>] mem_cgroup_prepare_migration+0x7c/0xc0
[nishimura@mxp.nes.nec.co.jp: fix merge issues]
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | mm/memcontrol.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mm/memcontrol.c b/mm/memcontrol.c index f4ede99c8b9b..6c755de385f7 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c | |||
@@ -2429,11 +2429,11 @@ int mem_cgroup_prepare_migration(struct page *page, struct mem_cgroup **ptr) | |||
2429 | } | 2429 | } |
2430 | unlock_page_cgroup(pc); | 2430 | unlock_page_cgroup(pc); |
2431 | 2431 | ||
2432 | *ptr = mem; | ||
2432 | if (mem) { | 2433 | if (mem) { |
2433 | ret = __mem_cgroup_try_charge(NULL, GFP_KERNEL, &mem, false); | 2434 | ret = __mem_cgroup_try_charge(NULL, GFP_KERNEL, ptr, false); |
2434 | css_put(&mem->css); | 2435 | css_put(&mem->css); |
2435 | } | 2436 | } |
2436 | *ptr = mem; | ||
2437 | return ret; | 2437 | return ret; |
2438 | } | 2438 | } |
2439 | 2439 | ||