Huang Ying <ying.huang@xxxxxxxxx> writes:
> diff --git a/mm/memory-tiers.c b/mm/memory-tiers.c
> index fa1a8b418f9a..ca68ef17554b 100644
> --- a/mm/memory-tiers.c
> +++ b/mm/memory-tiers.c
> @@ -586,7 +586,7 @@ EXPORT_SYMBOL_GPL(init_node_memory_type);
> void clear_node_memory_type(int node, struct memory_dev_type *memtype)
> {
> mutex_lock(&memory_tier_lock);
> - if (node_memory_types[node].memtype == memtype)
> + if (node_memory_types[node].memtype == memtype || !memtype)
> node_memory_types[node].map_count--;
>
> /*
> * If we umapped all the attached devices to this node,
This implies it's possible memtype == NULL. Yet we have this:
* clear the node memory type.
*/
if (!node_memory_types[node].map_count) {
node_memory_types[node].memtype = NULL;
put_memory_type(memtype);
}
It's not safe to call put_memory_type(NULL), so what condition guarantees
map_count > 1 when called with memtype == NULL? Thanks.
- Alistair
