* Dan Carpenter <error27@xxxxxxxxx> [2010-10-28 13:12:41]:
> The original code had a null dereference if alloc_percpu() failed.
> This was introduced in 711d3d2c9bc3 "memcg: cpu hotplug aware percpu
> count updates"
>
> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
>
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index 9a99cfa..2efa8ea 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -4208,15 +4208,17 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
>
> memset(mem, 0, size);
> mem->stat = alloc_percpu(struct mem_cgroup_stat_cpu);
> - if (!mem->stat) {
> - if (size < PAGE_SIZE)
> - kfree(mem);
> - else
> - vfree(mem);
> - mem = NULL;
> - }
> + if (!mem->stat)
> + goto out_free;
> spin_lock_init(&mem->pcp_counter_lock);
> return mem;
> +
> +out_free:
> + if (size < PAGE_SIZE)
> + kfree(mem);
> + else
> + vfree(mem);
> + return NULL;
> }
Good catch!
Reviewed-by: Balbir Singh <balbir@xxxxxxxxxxxxxxxxxx>
--
Three Cheers,
Balbir
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
