From: Peter Zijlstra <a.p.zijlstra@chello.nl>

While the comment says:
 * To prevent rpciod from hanging, this allocator never sleeps,
 * returning NULL if the request cannot be serviced immediately.

The function does not actually check for NULL pointers being returned.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 net/sunrpc/sched.c |    4 ++++
 1 file changed, 4 insertions(+)

diff -puN net/sunrpc/sched.c~sunrpc-fix-crash-in-rpc_malloc net/sunrpc/sched.c
--- a/net/sunrpc/sched.c~sunrpc-fix-crash-in-rpc_malloc
+++ a/net/sunrpc/sched.c
@@ -762,6 +762,10 @@ void *rpc_malloc(struct rpc_task *task, 
 		buf = mempool_alloc(rpc_buffer_mempool, gfp);
 	else
 		buf = kmalloc(size, gfp);
+
+	if (!buf)
+		return NULL;
+
 	*buf = size;
 	dprintk("RPC: %5u allocated buffer of size %zu at %p\n",
 			task->tk_pid, size, buf);
_