The original code had a null dereference if alloc_percpu() failed. This was introduced in 711d3d2c9bc3 "memcg: cpu hotplug aware percpu count updates" Signed-off-by: Dan Carpenter <error27@xxxxxxxxx> diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 9a99cfa..2efa8ea 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -4208,15 +4208,17 @@ static struct mem_cgroup *mem_cgroup_alloc(void) memset(mem, 0, size); mem->stat = alloc_percpu(struct mem_cgroup_stat_cpu); - if (!mem->stat) { - if (size < PAGE_SIZE) - kfree(mem); - else - vfree(mem); - mem = NULL; - } + if (!mem->stat) + goto out_free; spin_lock_init(&mem->pcp_counter_lock); return mem; + +out_free: + if (size < PAGE_SIZE) + kfree(mem); + else + vfree(mem); + return NULL; } /* -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html