From patchwork Fri Jul 12 03:25:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Youling Tang X-Patchwork-Id: 13731261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42C69C3DA45 for ; Fri, 12 Jul 2024 03:26:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CC5676B009D; Thu, 11 Jul 2024 23:26:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C74CB6B009E; Thu, 11 Jul 2024 23:26:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B63686B009F; Thu, 11 Jul 2024 23:26:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 9E27F6B009D for ; Thu, 11 Jul 2024 23:26:40 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 44F57A08E8 for ; Fri, 12 Jul 2024 03:26:40 +0000 (UTC) X-FDA: 82329663360.09.15F3E47 Received: from out-183.mta1.migadu.com (out-183.mta1.migadu.com [95.215.58.183]) by imf26.hostedemail.com (Postfix) with ESMTP id 4B4C2140011 for ; Fri, 12 Jul 2024 03:26:37 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Z++ak1Lq; spf=pass (imf26.hostedemail.com: domain of youling.tang@linux.dev designates 95.215.58.183 as permitted sender) smtp.mailfrom=youling.tang@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1720754781; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=VWeQNJq+zI55ma4p1FwSxutTu1uuDdgE89/qb0lCzRY=; b=EDBp+qbn3U+GI6DL4p39/Tk6ovLcldEbRQY2/F3jP0FWvvUOAtZfvXnlPhR5hSJFXav9IZ izOBRgOZYx9zu7UH2KMPvaKJL3RNAlDDpTZNxTHdJZQqcGm+E6GWRkqprO8CYtA315u/Oy GR3Sr9iqifEcn0CaTB9GA6859b3OdA8= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Z++ak1Lq; spf=pass (imf26.hostedemail.com: domain of youling.tang@linux.dev designates 95.215.58.183 as permitted sender) smtp.mailfrom=youling.tang@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1720754781; a=rsa-sha256; cv=none; b=yr6qbNrR0Bxil83hlb94M+oLIufv8Er+jeY16oaTcNDp5i48ADRiOD9QpzEy/ycWMPP3qv hwK4UZyIp4C/xCmiQcLcwq7gHN1mzXKvNo45sAK/S5bUt5a2FnMvrY4kydLXJEaEllle8f hjmhpKmwJv7U+rIPcPLSYjptUzaybec= X-Envelope-To: akpm@linux-foundation.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1720754794; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=VWeQNJq+zI55ma4p1FwSxutTu1uuDdgE89/qb0lCzRY=; b=Z++ak1LqH047WRiwSMRDmUltLuYrojjoNRsJR68z/X+XIMT0Yvpe/Ex3cWJpFhL5glP4UY KV9iUdiiJ8L+ezFVxE6ZmUDUASrEb4w2yy574oUeHeK0g1Rz0t+RgerY7oJCHwdFyFwLSX j/qforvln5vTK2ekIUWdd/Ur7BcTLCQ= X-Envelope-To: kent.overstreet@linux.dev X-Envelope-To: linux-mm@kvack.org X-Envelope-To: linux-kernel@vger.kernel.org X-Envelope-To: tangyouling@kylinos.cn X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Youling Tang To: Andrew Morton Cc: Kent Overstreet , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Youling Tang Subject: [PATCH] mm: list_lru: Fix NULL pointer dereference in list_lru_add() Date: Fri, 12 Jul 2024 11:25:54 +0800 Message-Id: <20240712032554.444823-1-youling.tang@linux.dev> MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 4B4C2140011 X-Stat-Signature: kncgcb19mifk8t63qkhdametcpnno4ct X-HE-Tag: 1720754797-853579 X-HE-Meta: U2FsdGVkX1+5KEQBkE0+zKNnad9anlfQ+bqFWO/rkm3QpYoTnNa1AF2GSGk/VmMZeak5QNFBley8xZCa+RaviOK5HmgHjXJcCNwT8/KBbOMa6C0O7I3BxqdywawzsqqUa8WJODMCepCIigQBpu4lLK2Lb4cfCbgYy7S5LaL43RaStExI9WXjRE3rmlSs4eIscRQOoxfYsm9tXdSUPbLbxlDtKeazxs8pVZfYL12iy34xmtZw1ZFlF4kNn5MBdHOV7Ci6WfAqfQqTzom1DiqATWe7niUty0ej8I4hR6b9Fi54t420SaoB9Pn3RTNIzwizN6/Mq/MRsMNqgEShcPkTBp6NldmBB846mVnBeb6UdCF62hq3K4c8zHXwzN/EITI6YZH9BQ71biweenU+kOQTw7I9dQWpwGe5ZSVe92LB/Eh0Ahzu0l7evZAJsAlW8JuuFeKRBjblbUi2ys1xQc12MUvpm4C/5geDLt2ipWpqMmNilD33B/A6GOW6SA+vhlvIpp6AXYeoIKSFh3u67v5Sfs+IqEEi21KxvAKcMF4Ud85QmbZmS+TdEvLGoco6UvCtuEht/MGaomhfuG4/VEUx3igee7vPtMnsR9ZXwUE4+VmWOahp8Jv+YSiK/jw8qjB41udyFTbiJZ3Ad2xglt97DS80mlSDg6VV87T6jrRUzSPO6IjtHVwZPIhMlgU1BhwE67gJsKQCnVcDO3VEKhLz6zlcYL4jnvfY0RcSUgi2RWpOWDTbeVmtFrL0GVhGwxwd3Yu+ENprzMCVDZXxT0uU5sROK0TCs+f8UZcyhywdJnHA7jBatxGM2MsWGOTMOd+mOBfJXvxxLneV28Jg70kw3v87gJE5trOb2tmiZ/QDheaccW7NEtvW2Gue08qmny6JzN6PU/d238nd9S+RSO6dUwzK4ccdjbailZpXKZEtXd8SYq+BPN5ORd1NhFkzi6Po/mowkIJzK05GJSGlInq 5ZsG4mcT 4P46Yb1FffPq9ngkOd1vwkkX0/aLDo//CGLA7vOrlfn0ThEfxe/4NrR6q8uD3DckPxVtEaOntOeWWyo4vx9LSJcei4NAIrAYVIJnR6X/RrW6zEdjzHIjVKSXM6XDd17BF7JU5sSKmXRlaOsaLIH0Nti5ZMgi8YC6HxUU/VarYupomdM86IJP5VZWxBLBdes+K7ANysu6XFtP5RyuFFOR54xDO+w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Youling Tang Note that list_lru_from_memcg_idx() may return NULL, so it is necessary to error handle the return value to avoid triggering NULL pointer dereference BUG. The issue was triggered for discussion [1], Link [1]: https://lore.kernel.org/linux-bcachefs/84de6cb1-57bd-42f7-8029-4203820ef0b4@linux.dev/T/#m901bb26cdb1d9d4bacebf0d034f0a5a712cc93a6 Signed-off-by: Youling Tang --- mm/list_lru.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/list_lru.c b/mm/list_lru.c index 3fd64736bc45..ee7424c3879d 100644 --- a/mm/list_lru.c +++ b/mm/list_lru.c @@ -94,6 +94,9 @@ bool list_lru_add(struct list_lru *lru, struct list_head *item, int nid, spin_lock(&nlru->lock); if (list_empty(item)) { l = list_lru_from_memcg_idx(lru, nid, memcg_kmem_id(memcg)); + if (!l) + goto out; + list_add_tail(item, &l->list); /* Set shrinker bit if the first element was added */ if (!l->nr_items++) @@ -102,6 +105,7 @@ bool list_lru_add(struct list_lru *lru, struct list_head *item, int nid, spin_unlock(&nlru->lock); return true; } +out: spin_unlock(&nlru->lock); return false; }