releases/2.6.34.15/mm-bugfix-set-current-reclaim_state-to-NULL-while-re.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-2.6.34 - Git at Google

 From 7d3406a32b112d9590ce276c5b122feccf48dbe6 Mon Sep 17 00:00:00 2001
 From: Takamori Yamaguchi <takamori.yamaguchi@jp.sony.com>
 Date: Thu, 8 Nov 2012 15:53:39 -0800
 Subject: [PATCH] mm: bugfix: set current->reclaim_state to NULL while
  returning from kswapd()

 commit b0a8cc58e6b9aaae3045752059e5e6260c0b94bc upstream.

 In kswapd(), set current->reclaim_state to NULL before returning, as
 current->reclaim_state holds reference to variable on kswapd()'s stack.

 In rare cases, while returning from kswapd() during memory offlining,
 __free_slab() and freepages() can access the dangling pointer of
 current->reclaim_state.

 Signed-off-by: Takamori Yamaguchi <takamori.yamaguchi@jp.sony.com>
 Signed-off-by: Aaditya Kumar <aaditya.kumar@ap.sony.com>
 Acked-by: David Rientjes <rientjes@google.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
 ---
  mm/vmscan.c | 2 ++
  1 file changed, 2 insertions(+)

 diff --git a/mm/vmscan.c b/mm/vmscan.c
 index 5c4620600333..365a899bcae0 100644
 --- a/mm/vmscan.c
 +++ b/mm/vmscan.c
 @@ -2341,6 +2341,8 @@ static int kswapd(void *p)
  		if (!ret)
  			balance_pgdat(pgdat, order);
  	}
 +
 +	current->reclaim_state = NULL;
  	return 0;
  }

 --
 1.8.5.2
	From 7d3406a32b112d9590ce276c5b122feccf48dbe6 Mon Sep 17 00:00:00 2001
	From: Takamori Yamaguchi <takamori.yamaguchi@jp.sony.com>
	Date: Thu, 8 Nov 2012 15:53:39 -0800
	Subject: [PATCH] mm: bugfix: set current->reclaim_state to NULL while
	returning from kswapd()

	commit b0a8cc58e6b9aaae3045752059e5e6260c0b94bc upstream.

	In kswapd(), set current->reclaim_state to NULL before returning, as
	current->reclaim_state holds reference to variable on kswapd()'s stack.

	In rare cases, while returning from kswapd() during memory offlining,
	__free_slab() and freepages() can access the dangling pointer of
	current->reclaim_state.

	Signed-off-by: Takamori Yamaguchi <takamori.yamaguchi@jp.sony.com>
	Signed-off-by: Aaditya Kumar <aaditya.kumar@ap.sony.com>
	Acked-by: David Rientjes <rientjes@google.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
	---
	mm/vmscan.c \| 2 ++
	1 file changed, 2 insertions(+)

	diff --git a/mm/vmscan.c b/mm/vmscan.c
	index 5c4620600333..365a899bcae0 100644
	--- a/mm/vmscan.c
	+++ b/mm/vmscan.c
	@@ -2341,6 +2341,8 @@ static int kswapd(void *p)
	if (!ret)
	balance_pgdat(pgdat, order);
	}
	+
	+ current->reclaim_state = NULL;
	return 0;
	}

	--
	1.8.5.2