From: Kenneth Lee <kenlee@dg.gov.cn>

I think there is a bug in kmod.c: In __call_usermodehelper(), when
kernel_thread(wait_for_helper, ...) return success, since wait_for_helper()
might call complete() at any time, the sub_info should not be used any
more.

Normally wait_for_helper() take a long time to finish, you may not get
problem for most of the case.  But if you remove /sbin/modprobe, it may
become easier for you to get a oop in khelper.

Cc: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---


diff -puN kernel/kmod.c~kernel-bug-fixing-for-kernel-kmodc kernel/kmod.c
--- a/kernel/kmod.c~kernel-bug-fixing-for-kernel-kmodc
+++ a/kernel/kmod.c
@@ -197,11 +197,12 @@ static void __call_usermodehelper(void *
 {
 	struct subprocess_info *sub_info = data;
 	pid_t pid;
+	int wait = sub_info->wait;
 
 	/* CLONE_VFORK: wait until the usermode helper has execve'd
 	 * successfully We need the data structures to stay around
 	 * until that is done.  */
-	if (sub_info->wait)
+	if (wait)
 		pid = kernel_thread(wait_for_helper, sub_info,
 				    CLONE_FS | CLONE_FILES | SIGCHLD);
 	else
@@ -211,7 +212,7 @@ static void __call_usermodehelper(void *
 	if (pid < 0) {
 		sub_info->retval = pid;
 		complete(sub_info->complete);
-	} else if (!sub_info->wait)
+	} else if (!wait)
 		complete(sub_info->complete);
 }
 
_