From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Andrey Vagin <avagin@openvz.org>,
	Pekka Enberg <penberg@kernel.org>,
	Christoph Lameter <cl@linux.com>,
	Glauber Costa <glommer@openvz.org>,
	Joonsoo Kim <js1304@gmail.com>, Michal Hocko <mhocko@suse.cz>,
	Johannes Weiner <hannes@cmpxchg.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: [ 14/36] memcg: check that kmem_cache has memcg_params before accessing it
Date: Thu,  5 Sep 2013 13:27:43 -0700
Message-ID: <20130905202703.970129862@linuxfoundation.org>
In-Reply-To: <20130905202702.289738686@linuxfoundation.org>

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrey Vagin <avagin@openvz.org>

commit 6f6b8951897e487ea6f77b90ea01f70a9c363770 upstream.

If the system had a few memory groups and all of them were destroyed,
memcg_limited_groups_array_size has non-zero value, but all new caches
are created without memcg_params, because memcg_kmem_enabled() returns
false.

We try to enumerate child caches in a few places and all of them are
potentially dangerous.

For example, my kernel is compiled with CONFIG_SLAB and it crashed when I
tried to mount an NFS share after a few experiments with kmemcg.

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  IP: [<ffffffff8118166a>] do_tune_cpucache+0x8a/0xd0
  PGD b942a067 PUD b999f067 PMD 0
  Oops: 0000 [#1] SMP
  Modules linked in: fscache(+) ip6table_filter ip6_tables iptable_filter ip_tables i2c_piix4 pcspkr virtio_net virtio_balloon i2c_core floppy
  CPU: 0 PID: 357 Comm: modprobe Not tainted 3.11.0-rc7+ #59
  Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  task: ffff8800b9f98240 ti: ffff8800ba32e000 task.ti: ffff8800ba32e000
  RIP: 0010:[<ffffffff8118166a>]  [<ffffffff8118166a>] do_tune_cpucache+0x8a/0xd0
  RSP: 0018:ffff8800ba32fb70  EFLAGS: 00010246
  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006
  RDX: 0000000000000000 RSI: ffff8800b9f98910 RDI: 0000000000000246
  RBP: ffff8800ba32fba0 R08: 0000000000000002 R09: 0000000000000004
  R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000010
  R13: 0000000000000008 R14: 00000000000000d0 R15: ffff8800375d0200
  FS:  00007f55f1378740(0000) GS:ffff8800bfa00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 00007f24feba57a0 CR3: 0000000037b51000 CR4: 00000000000006f0
  Call Trace:
    enable_cpucache+0x49/0x100
    setup_cpu_cache+0x215/0x280
    __kmem_cache_create+0x2fa/0x450
    kmem_cache_create_memcg+0x214/0x350
    kmem_cache_create+0x2b/0x30
    fscache_init+0x19b/0x230 [fscache]
    do_one_initcall+0xfa/0x1b0
    load_module+0x1c41/0x26d0
    SyS_finit_module+0x86/0xb0
    system_call_fastpath+0x16/0x1b

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Glauber Costa <glommer@openvz.org>
Cc: Joonsoo Kim <js1304@gmail.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/slab.h |    2 ++
 1 file changed, 2 insertions(+)

--- a/mm/slab.h
+++ b/mm/slab.h
@@ -162,6 +162,8 @@ static inline const char *cache_name(str
 
 static inline struct kmem_cache *cache_from_memcg(struct kmem_cache *s, int idx)
 {
+	if (!s->memcg_params)
+		return NULL;
 	return s->memcg_params->memcg_caches[idx];
 }
 
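Review bot: returning NULL from cache_from_memcg() when s->memcg_params is unset is only safe if every caller treats NULL as "no child cache for this idx", but the diff touches only mm/slab.h, and the changelog does not say that the enumeration sites it calls "potentially dangerous" were checked for this. The oops above faults inside do_tune_cpucache(), so please state in the changelog that this caller and the other child-cache loops already skip a NULL result. Otherwise a caller that dereferences the return value just moves the NULL dereference one level up. A one-line comment above the new check would also help: it should say that memcg_params can be NULL for caches created while memcg_kmem_enabled() returns false, even though memcg_limited_groups_array_size is non-zero, since that invariant is not obvious from the helper itself.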


