Fix NULL deref in balance_pgdat()

Be careful not to unconditionally clear the PF_MEMALLOC bit in
the task structure.  It may have already been set when entering
kv_alloc() in which case it must remain set on exit.  In
particular the kswapd thread will have PF_MEMALLOC set in
order to prevent it from entering direct reclaim.  By clearing
it we allow the following NULL deref to potentially occur.

  BUG: unable to handle kernel NULL pointer dereference at (null)
  IP: [<ffffffff8109c7ab>] balance_pgdat+0x25b/0x4ff

Signed-off-by: Brian Behlendorf <[email protected]>
Closes ZFS issue #287

module/spl/spl-kmem.c

@@ -855,14 +855,17 @@ kv_alloc(spl_kmem_cache_t *skc, int size, int flags)
 		 * been filed at kernel.org to track the issue.
 		 *
 		 * https://bugzilla.kernel.org/show_bug.cgi?id=30702
+		 *
+		 * NOTE: Only set PF_MEMALLOC if it's not already set, and
+		 * then only clear it when we were the one who set it.
 		 */
-		if (!(flags & __GFP_FS))
+		if (!(flags & __GFP_FS) && !(current->flags & PF_MEMALLOC)) {
 			current->flags |= PF_MEMALLOC;
-
-		ptr = __vmalloc(size, flags | __GFP_HIGHMEM, PAGE_KERNEL);
-
-		if (!(flags & __GFP_FS))
+			ptr = __vmalloc(size, flags|__GFP_HIGHMEM, PAGE_KERNEL);
 			current->flags &= ~PF_MEMALLOC;
+		} else {
+			ptr = __vmalloc(size, flags|__GFP_HIGHMEM, PAGE_KERNEL);
+		}
 	}
 
 	/* Resulting allocated memory will be page aligned */