From: Kees Cook <keescook@chromium.org>
To: Johannes Weiner <hannes@cmpxchg.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
Andrew Morton <akpm@linux-foundation.org>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org
Subject: Re: Coverity: shrink_node_memcgs(): Null pointer dereferences
Date: Tue, 12 Nov 2019 13:04:03 -0800 [thread overview]
Message-ID: <201911121301.885CE00@keescook> (raw)
In-Reply-To: <20191112152123.GB168812@cmpxchg.org>
On Tue, Nov 12, 2019 at 10:21:23AM -0500, Johannes Weiner wrote:
> On Mon, Nov 11, 2019 at 05:35:37PM -0800, coverity-bot wrote:
> > Hello!
> >
> > This is an experimental automated report about issues detected by Coverity
> > from a scan of next-20191108 as part of the linux-next weekly scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> >
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by recent commits:
> >
> > c34aa3085f94 ("mm-vmscan-split-shrink_node-into-node-part-and-memcgs-part-fix")
> >
> > Coverity reported the following:
> >
> > *** CID 1487844: Null pointer dereferences (NULL_RETURNS)
> > /mm/vmscan.c: 2695 in shrink_node_memcgs()
> > 2689 memcg = mem_cgroup_iter(target_memcg, NULL, NULL);
> > 2690 do {
> > 2691 struct lruvec *lruvec = mem_cgroup_lruvec(memcg, pgdat);
> > 2692 unsigned long reclaimed;
> > 2693 unsigned long scanned;
> > 2694
> > vvv CID 1487844: Null pointer dereferences (NULL_RETURNS)
> > vvv Dereferencing a pointer that might be "NULL" "memcg" when calling "mem_cgroup_protected".
> > 2695 switch (mem_cgroup_protected(target_memcg, memcg)) {
>
> This appears to be a false alarm.
Okay, thanks!
> All the "culprit" patch did was rename the local variable
> "target_memcg".
>
> And while it's correct that memcg can be NULL (befor and after this
> patch), it's the case only when mem_cgroup_disabled(), and
> mem_cgroup_protected() checks for this case.
Right, that's certainly the design. I wonder if in the interests of
defensively asserting requirements, it would be worth adding something
like this to mem_cgroup_protected():
if (WARN_ON_ONCE(!memcg))
return MEMCG_PROT_NONE;
?
--
Kees Cook
next prev parent reply other threads:[~2019-11-12 21:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 1:35 Coverity: shrink_node_memcgs(): Null pointer dereferences coverity-bot
2019-11-12 15:21 ` Johannes Weiner
2019-11-12 21:04 ` Kees Cook [this message]
2019-11-12 21:56 ` Johannes Weiner
2019-11-12 22:18 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201911121301.885CE00@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=gustavo@embeddedor.com \
--cc=hannes@cmpxchg.org \
--cc=linux-next@vger.kernel.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox