Staging: android: lowmemorykiller: fix possible android low memory killer NULL pointer

get_mm_rss() atomically dereferences the actual without checking for a
NULL pointer, which is possible since task_lock() is not held.

Cc: San Mehat <san@android.com>
Cc: Arve Hjønnevåg <arve@android.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
index f61333b96025f142672367750219e428ebbae32d..cba3b91d728ee933a088320f51c2e5de3ec04f1e 100644 (file)
--- a/drivers/staging/android/lowmemorykiller.c
+++ b/drivers/staging/android/lowmemorykiller.c
@@ -92,12 +92,18 @@ static int lowmem_shrink(int nr_to_scan, gfp_t gfp_mask)
        for_each_process(p) {
                int oom_adj;
 
-               if (!p->mm)
+               task_lock(p);
+               if (!p->mm) {
+                       task_unlock(p);
                        continue;
+               }
                oom_adj = p->oomkilladj;
-               if (oom_adj < min_adj)
+               if (oom_adj < min_adj) {
+                       task_unlock(p);
                        continue;
+               }
                tasksize = get_mm_rss(p->mm);
+               task_unlock(p);
                if (tasksize <= 0)
                        continue;
                if (selected) {