Sophie


kernel-2.6.18-238.el5.src.rpm

From: Jerome Marchand <jmarchan@redhat.com>
Subject: [RHEL5.1 PATCH] BZ231639: kernel thread current->mm dereference in  grab_swap_token causes oops
Date: Mon, 26 Mar 2007 16:27:03 +0200
Bugzilla: 231639
Message-Id: <4607D837.3080807@redhat.com>
Changelog: [mm] NULL current->mm dereference in grab_swap_token causes oops


BZ# 231639
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231639

An ISV experiences crashes when a kernel thread with NULL mm,
performing asynchronous direct i/o, executes grab_swap_token().

A simple solution is to make grab_swap_token() exit silently when
called from a NULL mm thread.

I am not able to reproduce this bug, which requires the ISV software
stack to be installed. However, our partner has already tested the patch
and no crash occurs anymore with the patch applied.

This is a regression; this patch has already been applied in RHEL-4.

Jérôme

--- linux-2.6.18.noarch/mm/thrash.c.orig	2006-09-20 05:42:06.000000000 +0200
+++ linux-2.6.18.noarch/mm/thrash.c	2007-03-26 16:15:41.000000000 +0200
@@ -54,6 +54,10 @@ void grab_swap_token(void)
 	struct mm_struct *mm;
 	int reason;
 
+	/* Some kernel threads without mm can fault on behalf of others. */
+	if (unlikely(!current->mm))
+		return;
+
 	/* We have the token. Let others know we still need it. */
 	if (has_swap_token(current->mm)) {
 		current->mm->recent_pagein = 1;
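
Review bot: The comment above the new `if (unlikely(!current->mm))` check explains why mm can be NULL but not what the silent return means for the caller. The lines right after it (`has_swap_token(current->mm)` and `current->mm->recent_pagein = 1`) are the dereferences being guarded, so the comment should say so and state that a fault taken by an mm-less kernel thread is deliberately left out of swap-token handling instead of being attributed to the address space it is faulting for. Something like "No mm to hold the token for; skip token handling instead of dereferencing NULL below" would make the intent clear to the next reader.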