Date: Sun, 29 Jan 2023 13:48:15 -0800
From: Andrew Morton
To: Kefeng Wang
Cc: Tejun Heo, Jens Axboe, Jan Kara, Shakeel Butt, Naoya Horiguchi, Ma Wupeng, Michal Hocko
Subject: Re: [PATCH] mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty()
Message-Id: <20230129134815.21083b65ef3ae4c3e7fae8eb@linux-foundation.org>
In-Reply-To: <20230129024451.121590-1-wangkefeng.wang@huawei.com>
References: <20230129024451.121590-1-wangkefeng.wang@huawei.com>

On Sun, 29 Jan 2023 10:44:51 +0800 Kefeng Wang wrote:

> As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"),

Merged in 2017.

> hwpoison will forcibly uncharge a LRU hwpoisoned page, the folio_memcg
> could be NULL, then, mem_cgroup_track_foreign_dirty_slowpath() could
> occurs a NULL pointer dereference, let's do not record the foreign
> writebacks for folio memcg is null in mem_cgroup_track_foreign() to
> fix it.
>
> Reported-by: Ma Wupeng
> Fixes: 97b27821b485 ("writeback, memcg: Implement foreign dirty flushing")

Merged in 2019.

> --- a/include/linux/memcontrol.h
> +++ b/include/linux/memcontrol.h > @@ -1688,10 +1688,13 @@ void mem_cgroup_track_foreign_dirty_slowpath(struct folio *folio, > static inline void mem_cgroup_track_foreign_dirty(struct folio *folio, > struct bdi_writeback *wb) > { > + struct mem_cgroup *memcg; > + > if (mem_cgroup_disabled()) > return; > > - if (unlikely(&folio_memcg(folio)->css != wb->memcg_css)) > + memcg = folio_memcg(folio); > + if (unlikely(memcg && &memcg->css != wb->memcg_css)) > mem_cgroup_track_foreign_dirty_slowpath(folio, wb); > }

Has this null deref actually been observed, or is this from code inspection? (This is why it's nice to include the Link: after a Reported-by!)

Do we have any theories why this took so many years to surface?

I'm confused about the mention of 18365225f044, but the Fixes: target is a different commit. Please explain this?

Do you think the fix should be backported into earlier -stable kernels? If so, it will need some rework due to the subsequent folio conversion.
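
Review bot: The new `memcg &&` test inside the `unlikely()` condition of mem_cgroup_track_foreign_dirty() carries no comment saying when folio_memcg() can return NULL at this point. The commit message attributes it to hwpoison forcibly uncharging an LRU page, and a one-line comment above `memcg = folio_memcg(folio);` would keep that reasoning next to the check. The guard also lives only in this inline wrapper, so it is worth confirming that mem_cgroup_track_foreign_dirty_slowpath() has no other caller that could pass it an uncharged folio.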