From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from psmtp.com (na3sys010amx162.postini.com [74.125.245.162]) by kanga.kvack.org (Postfix) with SMTP id A08626B000C for ; Wed, 23 Jan 2013 16:45:49 -0500 (EST) Message-Id: <0000013c695fbd30-9023bc55-f780-4d44-965f-ab4507e483d5-000000@email.amazonses.com> Date: Wed, 23 Jan 2013 21:45:47 +0000 From: Christoph Lameter Subject: FIX [1/2] slub: Do not dereference NULL pointer in node_match References: <20130123214514.370647954@linux.com> Sender: owner-linux-mm@kvack.org List-ID: To: Pekka Enberg Cc: Steven Rostedt , Thomas Gleixner , RT , Clark Williams , John Kacur , "Luis Claudio R. Goncalves" , Joonsoo Kim , Glauber Costa , linux-mm@kvack.org, David Rientjes , elezegarcia@gmail.com The variables accessed in slab_alloc are volatile and therefore the page pointer passed to node_match can be NULL. The processing of data in slab_alloc is tentative until either the cmpxhchg succeeds or the __slab_alloc slowpath is invoked. Both are able to perform the same allocation from the freelist. Check for the NULL pointer in node_match. A false positive will lead to a retry of the loop in __slab_alloc. Signed-off-by: Christoph Lameter Index: linux/mm/slub.c =================================================================== --- linux.orig/mm/slub.c 2013-01-18 08:47:29.198954250 -0600 +++ linux/mm/slub.c 2013-01-18 08:47:40.579126371 -0600 @@ -2041,7 +2041,7 @@ static void flush_all(struct kmem_cache static inline int node_match(struct page *page, int node) { #ifdef CONFIG_NUMA - if (node != NUMA_NO_NODE && page_to_nid(page) != node) + if (!page || (node != NUMA_NO_NODE && page_to_nid(page) != node)) return 0; #endif return 1; -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org