From: Jinjiang Tu <tujinjiang@xxxxxxxxxxxxx>
when shrinker is registered with SHRINKER_MEMCG_AWARE flag,
register_shrinker will not initialize shrinker->nr_deferred,
but the pointer will be passed to kfree in unregister_shrinker
when the shrinker is unregistered. This leads to kernel crash
when the shrinker object is dynamically allocated.
To fix it, this patch initialize shrinker->nr_deferred at the
beginning of prealloc_shrinker.
Signed-off-by: Jinjiang Tu <tujinjiang@xxxxxxxxxxxxx>
---
mm/vmscan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/vmscan.c b/mm/vmscan.c
index f7d9a683e3a7..06ab5a398971 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -613,6 +613,7 @@ int prealloc_shrinker(struct shrinker *shrinker)
unsigned int size;
int err;
+ shrinker->nr_deferred = NULL;
if (shrinker->flags & SHRINKER_MEMCG_AWARE) {
err = prealloc_memcg_shrinker(shrinker);
if (err != -ENOSYS)
--
2.17.1
