projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
USB: fix potential qtd use-after-free case in interrupt handler
[firefly-linux-kernel-4.4.55.git] / mm / ksm.c
diff --git a/mm/ksm.c b/mm/ksm.c
index d708b3ef2260282a3d6e5784a60c1fb003339f8e..9a68b0cf0a1c4c8009ee25d2990530d7e2927132 100644 (file)
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -1302,6 +1302,12 @@ static struct rmap_item *scan_get_next_rmap_item(struct page **page)
                slot = list_entry(slot->mm_list.next, struct mm_slot, mm_list);
                ksm_scan.mm_slot = slot;
                spin_unlock(&ksm_mmlist_lock);
+               /*
+                * Although we tested list_empty() above, a racing __ksm_exit
+                * of the last mm on the list may have removed it since then.
+                */
+               if (slot == &ksm_mm_head)
+                       return NULL;
 next_mm:
                ksm_scan.address = 0;
                ksm_scan.rmap_list = &slot->rmap_list;
Unnamed repository; edit this file 'description' to name the repository.