On Wed 21-08-19 23:22:09, Yizhuo wrote: > Inside function mem_cgroup_wb_domain(), the pointer memcg > could be NULL via mem_cgroup_from_css(). However, this pointer is > not checked and directly dereferenced in the if statement, > which is potentially unsafe. Could you describe circumstances when this would happen? The code has been this way for 5 years without any issues. Are we just lucky or has something changed recently to make this happen? > Signed-off-by: Yizhuo <yzhai003@xxxxxxx> > --- > mm/memcontrol.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c > index 661f046ad318..bd84bdaed3b0 100644 > --- a/mm/memcontrol.c > +++ b/mm/memcontrol.c > @@ -3665,7 +3665,7 @@ struct wb_domain *mem_cgroup_wb_domain(struct bdi_writeback *wb) > { > struct mem_cgroup *memcg = mem_cgroup_from_css(wb->memcg_css); > > - if (!memcg->css.parent) > + if (!memcg || !memcg->css.parent) > return NULL; > > return &memcg->cgwb_domain; > -- > 2.17.1 > -- Michal Hocko SUSE Labs
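Review bot: the commit message gives no path by which wb->memcg_css (and hence the memcg returned by mem_cgroup_from_css()) is NULL when mem_cgroup_wb_domain() runs, so the added "!memcg ||" in "if (!memcg || !memcg->css.parent)" is a defensive check with no documented trigger; the patch should name the caller or sequence that reaches this function with a NULL memcg_css (a splat or reproducer would do), otherwise the new test is dead code and should be dropped. If such a path does exist, silently returning NULL is the wrong response: the function already returns NULL for the root memcg via "!memcg->css.parent", so a caller cannot distinguish "no parent domain" from "this wb has no memcg at all", and the underlying inconsistency in wb would be masked rather than reported; a WARN_ON_ONCE(!memcg) ahead of the existing test (returning NULL after it) would surface the bug while keeping the dereference safe.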