| Message ID | 20230129040945.180629-1-wangkefeng.wang@huawei.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [resend] mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() | expand |
On Sun, 2023-01-29 at 12:09 +0800, Kefeng Wang wrote: > As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU > pages"), > hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcg > could be NULl, then, mem_cgroup_track_foreign_dirty_slowpath() could > occurs a NULL pointer dereference, let's do not record the foreign > writebacks for folio memcg is null in > mem_cgroup_track_foreign_dirty() > to fix it. > > Reported-by: Ma Wupeng <mawupeng1@huawei.com> > Fixes: 97b27821b485 ("writeback, memcg: Implement foreign dirty > flushing") > Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> > --- > resend: correct function name > include/linux/memcontrol.h | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h > index eb6e5b18e1ad..35478695cabf 100644 > --- a/include/linux/memcontrol.h > +++ b/include/linux/memcontrol.h > @@ -1688,10 +1688,13 @@ void > mem_cgroup_track_foreign_dirty_slowpath(struct folio *folio, > static inline void mem_cgroup_track_foreign_dirty(struct folio > *folio, > struct > bdi_writeback *wb) > { > + struct mem_cgroup *memcg; > + > if (mem_cgroup_disabled()) > return; > > - if (unlikely(&folio_memcg(folio)->css != wb->memcg_css)) > + memcg = folio_memcg(folio); > + if (unlikely(memcg && &memcg->css != wb->memcg_css)) > mem_cgroup_track_foreign_dirty_slowpath(folio, wb); > } > Might want to Cc linux-stable. Tested-by: Miko Larsson <mikoxyzzz@gmail.com> -- ~miko
diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h index eb6e5b18e1ad..35478695cabf 100644 --- a/include/linux/memcontrol.h +++ b/include/linux/memcontrol.h @@ -1688,10 +1688,13 @@ void mem_cgroup_track_foreign_dirty_slowpath(struct folio *folio, static inline void mem_cgroup_track_foreign_dirty(struct folio *folio, struct bdi_writeback *wb) { + struct mem_cgroup *memcg; + if (mem_cgroup_disabled()) return; - if (unlikely(&folio_memcg(folio)->css != wb->memcg_css)) + memcg = folio_memcg(folio); + if (unlikely(memcg && &memcg->css != wb->memcg_css)) mem_cgroup_track_foreign_dirty_slowpath(folio, wb); }
As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"), hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcg could be NULl, then, mem_cgroup_track_foreign_dirty_slowpath() could occurs a NULL pointer dereference, let's do not record the foreign writebacks for folio memcg is null in mem_cgroup_track_foreign_dirty() to fix it. Reported-by: Ma Wupeng <mawupeng1@huawei.com> Fixes: 97b27821b485 ("writeback, memcg: Implement foreign dirty flushing") Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> --- resend: correct function name include/linux/memcontrol.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)