From patchwork Mon Nov 30 13:15:12 2020
X-Patchwork-Submitter: Muchun Song
X-Patchwork-Id: 11940463
From: Muchun Song
To: akpm@linux-foundation.org, hannes@cmpxchg.org, shakeelb@google.com,
 guro@fb.com, sfr@canb.auug.org.au, alex.shi@linux.alibaba.com,
 alexander.h.duyck@linux.intel.com, laoar.shao@gmail.com,
 richard.weiyang@gmail.com
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, Muchun Song
Subject: [PATCH] mm/memcg: fix NULL pointer dereference at workingset_eviction
Date: Mon, 30 Nov 2020 21:15:12 +0800
Message-Id: <20201130131512.6043-1-songmuchun@bytedance.com>

We found a case of kernel panic. The stack trace is as follows
(omit some irrelevant information):

  BUG: kernel NULL pointer dereference, address: 00000000000000c8
  RIP: 0010:workingset_eviction+0x26b/0x450
  Call Trace:
   __remove_mapping+0x224/0x2b0
   shrink_page_list+0x8c2/0x14e0
   shrink_inactive_list+0x1bf/0x3f0
   ? do_raw_spin_unlock+0x49/0xc0
   ? _raw_spin_unlock+0xa/0x20
   shrink_lruvec+0x401/0x640

This was caused by commit 76761ffa9ea1 ("mm/memcg: bail out early when
!memcg in mem_cgroup_lruvec"). When the parameter of memcg is NULL, we
should not use the &pgdat->__lruvec. So this just reverts commit
76761ffa9ea1 to fix it.

Fixes: 76761ffa9ea1 ("mm/memcg: bail out early when !memcg in mem_cgroup_lruvec")
Signed-off-by: Muchun Song --- include/linux/memcontrol.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h index f9a496c4eac7..a1416205507c 100644 --- a/include/linux/memcontrol.h +++ b/include/linux/memcontrol.h @@ -610,17 +610,20 @@ mem_cgroup_nodeinfo(struct mem_cgroup *memcg, int nid) static inline struct lruvec *mem_cgroup_lruvec(struct mem_cgroup *memcg, struct pglist_data *pgdat) { + struct mem_cgroup_per_node *mz; struct lruvec *lruvec; - if (mem_cgroup_disabled() || !memcg) { + if (mem_cgroup_disabled()) { lruvec = &pgdat->__lruvec; - } else { - struct mem_cgroup_per_node *mz; - - mz = mem_cgroup_nodeinfo(memcg, pgdat->node_id); - lruvec = &mz->lruvec; + goto out; } + if (!memcg) + memcg = root_mem_cgroup; + + mz = mem_cgroup_nodeinfo(memcg, pgdat->node_id); + lruvec = &mz->lruvec; +out: /* * Since a node can be onlined after the mem_cgroup was created, * we have to be prepared to initialize lruvec->pgdat here;
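
Review bot: the added `if (!memcg) memcg = root_mem_cgroup;` fallback in mem_cgroup_lruvec() has no comment, and the changelog only states that &pgdat->__lruvec should not be used for a NULL memcg without explaining how that choice leads to the NULL dereference reported in workingset_eviction(). Commit 76761ffa9ea1 folded the !memcg case into the mem_cgroup_disabled() branch (the removed `if (mem_cgroup_disabled() || !memcg)` line) as an early bail-out, so the same simplification is likely to be proposed again unless the reason is recorded. A short comment above the check saying that, with memcg enabled, a NULL memcg must resolve to the root memcg's per-node lruvec, plus one sentence in the changelog tying the fault address 0xc8 to the lruvec returned here, would make the invariant visible to the next person touching this helper.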