* [BUGFIX][PATCH] memcg: fix wrong pointer initialization at page migration when memcg is disabled.
From: KAMEZAWA Hiroyuki @ 2009-10-29 0:30 UTC (permalink / raw)
To: linux-kernel; +Cc: linux-mm, balbir, nishimura, Lee.Schermerhorn
Lee Schermerhorn reported that he saw bad pointer dereference
in mem_cgroup_end_migration() when he disabled memcg by boot option.

memcg's page migration logic works as

	mem_cgroup_prepare_migration(page, &ptr);
	do page migration
	mem_cgroup_end_migration(page, ptr);

Now, ptr is not initialized in prepare_migration when memcg is disabled
by boot option. This causes panic in end_migration. This patch fixes it.

Reported-by: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
---
mm/memcontrol.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: linux-2.6.32-rc5/mm/memcontrol.c
===================================================================
--- linux-2.6.32-rc5.orig/mm/memcontrol.c
+++ linux-2.6.32-rc5/mm/memcontrol.c
@@ -1990,7 +1990,8 @@ int mem_cgroup_prepare_migration(struct
struct page_cgroup *pc;
struct mem_cgroup *mem = NULL;
int ret = 0;
-
+ /* this pointer will be checked at end_migration */
+ *ptr = NULL;
if (mem_cgroup_disabled())
return 0;
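Review bot: the comment above `*ptr = NULL;` says the pointer is checked at end_migration but not which path leaves it unset. Name the `mem_cgroup_disabled()` early return in the comment so a later cleanup does not drop the assignment as redundant. The added lines also take the place of the blank line after `int ret = 0;`, so the declarations now run straight into the first statement; keep a blank line between them.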
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
* Re: [BUGFIX][PATCH] memcg: fix wrong pointer initialization at page migration when memcg is disabled.
From: Daisuke Nishimura @ 2009-10-29 0:50 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, linux-mm, balbir, Lee.Schermerhorn, Daisuke Nishimura
On Thu, 29 Oct 2009 09:30:13 +0900, KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> wrote:
>
> Lee Schermerhorn reported that he saw bad pointer dereference
> in mem_cgroup_end_migration() when he disabled memcg by boot option.
>
> memcg's page migration logic works as
>
> mem_cgroup_prepare_migration(page, &ptr);
> do page migration
> mem_cgroup_end_migration(page, ptr);
>
> Now, ptr is not initialized in prepare_migration when memcg is disabled
> by boot option. This causes panic in end_migration. This patch fixes it.
>
> Reported-by: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
> Cc: Balbir Singh <balbir@in.ibm.com>
> Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
> ---
> mm/memcontrol.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Index: linux-2.6.32-rc5/mm/memcontrol.c
> ===================================================================
> --- linux-2.6.32-rc5.orig/mm/memcontrol.c
> +++ linux-2.6.32-rc5/mm/memcontrol.c
> @@ -1990,7 +1990,8 @@ int mem_cgroup_prepare_migration(struct
> struct page_cgroup *pc;
> struct mem_cgroup *mem = NULL;
> int ret = 0;
> -
> + /* this pointer will be checked at end_migration */
> + *ptr = NULL;
> if (mem_cgroup_disabled())
> return 0;
>
>
I thought unmap_and_move() itself initializes "mem" to NULL, but it doesn't...
I personally prefer initializing "mem" to NULL in unmap_and_move(), but anyway
I think this patch is also correct.

Reviewed-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>

And I think we should send a fix for this bug to -stable too.

Thanks,
Daisuke Nishimura.
* Re: [BUGFIX][PATCH] memcg: fix wrong pointer initialization at page migration when memcg is disabled.
From: KAMEZAWA Hiroyuki @ 2009-10-29 1:05 UTC (permalink / raw)
To: Daisuke Nishimura; +Cc: linux-kernel, linux-mm, balbir, Lee.Schermerhorn, akpm
On Thu, 29 Oct 2009 09:50:51 +0900
Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote:
> > Index: linux-2.6.32-rc5/mm/memcontrol.c
> > ===================================================================
> > --- linux-2.6.32-rc5.orig/mm/memcontrol.c
> > +++ linux-2.6.32-rc5/mm/memcontrol.c
> > @@ -1990,7 +1990,8 @@ int mem_cgroup_prepare_migration(struct
> > struct page_cgroup *pc;
> > struct mem_cgroup *mem = NULL;
> > int ret = 0;
> > -
> > + /* this pointer will be checked at end_migration */
> > + *ptr = NULL;
> > if (mem_cgroup_disabled())
> > return 0;
> >
> >
> I thought unmap_and_move() itself initializes "mem" to NULL, but it doesn't...
> I personally prefer initializing "mem" to NULL in unmap_and_move(), but anyway
> I think this patch is also correct.
>
> Reviewed-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
>
Ok, here
> And I think we should send a fix for this bug to -stable too.
I think so, too.
==
Lee Schermerhorn reported that he saw bad pointer dereference
in mem_cgroup_end_migration() when he disabled memcg by boot option.

memcg's page migration logic works as

	mem_cgroup_prepare_migration(page, &ptr);
	do page migration
	mem_cgroup_end_migration(page, ptr);

Now, ptr is not initialized when memcg is disabled by boot option.
This patch fixes it.

Changelog: 2009/10/29
 - modified "fix" from memcontrol.c to migrate.c

Reported-by: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Reviewed-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
---
mm/migrate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.32-rc5/mm/migrate.c
===================================================================
--- linux-2.6.32-rc5.orig/mm/migrate.c
+++ linux-2.6.32-rc5/mm/migrate.c
@@ -602,7 +602,7 @@ static int unmap_and_move(new_page_t get
struct page *newpage = get_new_page(page, private, &result);
int rcu_locked = 0;
int charge = 0;
- struct mem_cgroup *mem;
+ struct mem_cgroup *mem = NULL;
if (!newpage)
return -ENOMEM;
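Review bot: `mem = NULL` at the declaration in unmap_and_move() covers this caller only, and nothing in the hunk records why the initializer matters. Per the description, mem_cgroup_prepare_migration() still returns without writing its out-parameter when memcg is disabled, so add a short comment on the declaration saying mem_cgroup_end_migration() relies on NULL in that case, or keep the callee-side `*ptr = NULL;` from the first version as well.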
--
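A userspace model of the prepare/end pairing discussed in this thread, as an added example that is not code from the kernel or from the posters: it shows that either the callee-side init (first patch) or the caller-side init (second patch) makes the disabled path hand NULL to the end step. The function bodies, the `POISON` value and the `disabled` flag are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
struct mem_cgroup { int uncharged; };
static struct mem_cgroup root;            /* constructed: the charged cgroup */
/* Constructed stand-in for the garbage in an uninitialised stack slot. */
#define POISON ((struct mem_cgroup *)(uintptr_t)0x6b6b6b6b)

/* Before either patch: the disabled path returns without writing *ptr. */
static int prepare_unfixed(int disabled, struct mem_cgroup **ptr)
{
    if (disabled)
        return 0;
    *ptr = &root;
    return 0;
}

/* First patch (memcontrol.c): the callee always defines its out-parameter. */
static int prepare_callee_init(int disabled, struct mem_cgroup **ptr)
{
    *ptr = NULL;
    return prepare_unfixed(disabled, ptr);
}

/* NULL means nothing to undo. Returns 1 after a valid dereference and -1
 * where the kernel would have dereferenced garbage. */
static int end_migration(struct mem_cgroup *mem)
{
    if (!mem)
        return 0;
    if (mem == POISON)
        return -1;
    mem->uncharged++;
    return 1;
}

typedef int (*prepare_fn)(int, struct mem_cgroup **);
/* caller_init = 1 models the second patch (migrate.c): mem = NULL at declaration. */
static int migrate(prepare_fn prepare, int disabled, int caller_init)
{
    struct mem_cgroup *mem = caller_init ? NULL : POISON;
    prepare(disabled, &mem);
    return end_migration(mem);
}

int main(void)
{
    printf("%d %d %d\n", migrate(prepare_unfixed, 1, 0),
           migrate(prepare_callee_init, 1, 0), migrate(prepare_unfixed, 1, 1));
    return 0;
}
```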