From: Greg KH on
2.6.33-stable review patch. If anyone has any objections, please let us know.

------------------

From: Ravikiran G Thirumalai <kiran(a)scalex86.org>

commit 413b43deab8377819aba1dbad2abf0c15d59b491 upstream.

Fix an 'oops' when a tmpfs mount point is mounted with the mpol=default
mempolicy.

Upon remounting a tmpfs mount point with 'mpol=default' option, the mount
code crashed with a null pointer dereference. The initial problem report
was on 2.6.27, but the problem exists in mainline 2.6.34-rc as well. On
examining the code, we see that mpol_new returns NULL if default mempolicy
was requested. This 'NULL' mempolicy is accessed to store the node mask
resulting in oops.

The following patch fixes it.

Signed-off-by: Ravikiran Thirumalai <kiran(a)scalex86.org>
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro(a)jp.fujitsu.com>
Cc: Christoph Lameter <cl(a)linux-foundation.org>
Cc: Mel Gorman <mel(a)csn.ul.ie>
Acked-by: Lee Schermerhorn <lee.schermerhorn(a)hp.com>
Cc: Hugh Dickins <hugh.dickins(a)tiscali.co.uk>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)suse.de>

---
mm/mempolicy.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -2187,10 +2187,15 @@ int mpol_parse_str(char *str, struct mem
goto out;
mode = MPOL_PREFERRED;
break;
-
+ case MPOL_DEFAULT:
+ /*
+ * Insist on a empty nodelist
+ */
+ if (!nodelist)
+ err = 0;
+ goto out;
/*
* case MPOL_BIND: mpol_new() enforces non-empty nodemask.
- * case MPOL_DEFAULT: mpol_new() enforces empty nodemask, ignores flags.
*/
}



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/