From 0b2e8163b1e52d1b06dd51aafa741ff959e77792 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 17 Nov 2012 23:56:58 -0800
Subject: [PATCH] 3.0-stable patches

added patches:
	mm-bugfix-set-current-reclaim_state-to-null-while-returning-from-kswapd.patch
---
 ...-to-null-while-returning-from-kswapd.patch | 38 +++++++++++++++++++
 queue-3.0/series                              |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 queue-3.0/mm-bugfix-set-current-reclaim_state-to-null-while-returning-from-kswapd.patch
 create mode 100644 queue-3.0/series

diff --git a/queue-3.0/mm-bugfix-set-current-reclaim_state-to-null-while-returning-from-kswapd.patch b/queue-3.0/mm-bugfix-set-current-reclaim_state-to-null-while-returning-from-kswapd.patch
new file mode 100644
index 00000000000..be6103c13cc
--- /dev/null
+++ b/queue-3.0/mm-bugfix-set-current-reclaim_state-to-null-while-returning-from-kswapd.patch
@@ -0,0 +1,38 @@
+From b0a8cc58e6b9aaae3045752059e5e6260c0b94bc Mon Sep 17 00:00:00 2001
+From: Takamori Yamaguchi <takamori.yamaguchi@jp.sony.com>
+Date: Thu, 8 Nov 2012 15:53:39 -0800
+Subject: mm: bugfix: set current->reclaim_state to NULL while returning from kswapd()
+
+From: Takamori Yamaguchi <takamori.yamaguchi@jp.sony.com>
+
+commit b0a8cc58e6b9aaae3045752059e5e6260c0b94bc upstream.
+
+In kswapd(), set current->reclaim_state to NULL before returning, as
+current->reclaim_state holds reference to variable on kswapd()'s stack.
+
+In rare cases, while returning from kswapd() during memory offlining,
+__free_slab() and freepages() can access the dangling pointer of
+current->reclaim_state.
+
+Signed-off-by: Takamori Yamaguchi <takamori.yamaguchi@jp.sony.com>
+Signed-off-by: Aaditya Kumar <aaditya.kumar@ap.sony.com>
+Acked-by: David Rientjes <rientjes@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/vmscan.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/mm/vmscan.c
++++ b/mm/vmscan.c
+@@ -2977,6 +2977,8 @@ static int kswapd(void *p)
+ 						&balanced_classzone_idx);
+ 		}
+ 	}
++
++	current->reclaim_state = NULL;
+ 	return 0;
+ }
+ 
diff --git a/queue-3.0/series b/queue-3.0/series
new file mode 100644
index 00000000000..32b3a24649b
--- /dev/null
+++ b/queue-3.0/series
@@ -0,0 +1 @@
+mm-bugfix-set-current-reclaim_state-to-null-while-returning-from-kswapd.patch
-- 
2.47.3