On Wed, Jan 2, 2019 at 4:51 PM Christopher Lameter <cl@xxxxxxxxx> wrote: > > On Wed, 2 Jan 2019, Dmitry Vyukov wrote: > > > Am I missing something or __alloc_alien_cache misses check for > > kmalloc_node result? > > > > static struct alien_cache *__alloc_alien_cache(int node, int entries, > > int batch, gfp_t gfp) > > { > > size_t memsize = sizeof(void *) * entries + sizeof(struct alien_cache); > > struct alien_cache *alc = NULL; > > > > alc = kmalloc_node(memsize, gfp, node); > > init_arraycache(&alc->ac, entries, batch); > > spin_lock_init(&alc->lock); > > return alc; > > } > > > > > True _alloc_alien_cache() needs to check for NULL > > > From: Christoph Lameter <cl@xxxxxxxxx> > Subject: slab: Alien caches must not be initialized if the allocation of the alien cache failed > > Callers of __alloc_alien() check for NULL. > We must do the same check in __alloc_alien_cache to avoid NULL pointer dereferences > on allocation failures. > > Signed-off-by: Christoph Lameter <cl@xxxxxxxxx> Please add: Reported-by: syzbot+d6ed4ec679652b4fd4e4@xxxxxxxxxxxxxxxxxxxxxxxxx > Index: linux/mm/slab.c > =================================================================== > --- linux.orig/mm/slab.c > +++ linux/mm/slab.c > @@ -666,8 +666,10 @@ static struct alien_cache *__alloc_alien > struct alien_cache *alc = NULL; > > alc = kmalloc_node(memsize, gfp, node); > - init_arraycache(&alc->ac, entries, batch); > - spin_lock_init(&alc->lock); > + if (alc) { > + init_arraycache(&alc->ac, entries, batch); > + spin_lock_init(&alc->lock); > + } > return alc; > } >
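Review bot: the guard `if (alc) { ... }` around init_arraycache() and spin_lock_init() is the right fix for the NULL dereference on a failed kmalloc_node(), but the changelog says "Callers of __alloc_alien() check for NULL" while the function actually being patched is __alloc_alien_cache(), as the `@@ -666,8 +666,10 @@ static struct alien_cache *__alloc_alien` header shows; please make the name in the description match the code, and add the Reported-by tag for the syzbot report that Dmitry asked for, since it ties the fix to the crash that exposed it. Minor: with the guard in place the `struct alien_cache *alc = NULL;` initializer is redundant because kmalloc_node() assigns alc unconditionally before it is tested, though leaving it is harmless.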