This will happen if variable "wb->memcg_css" is NULL. This case is reported by our analysis tool. Since the function mem_cgroup_wb_domain() is globally visible, we cannot control the caller's behavior.

On Thu, Aug 22, 2019 at 12:06 AM Michal Hocko wrote:
> On Wed 21-08-19 23:22:09, Yizhuo wrote:
> > Inside function mem_cgroup_wb_domain(), the pointer memcg
> > could be NULL via mem_cgroup_from_css(). However, this pointer is
> > not checked and directly dereferenced in the if statement,
> > which is potentially unsafe.
>
> Could you describe circumstances when this would happen? The code is
> this way for 5 years without any issues. Are we just lucky or something
> has changed recently to make this happen?
>
> > Signed-off-by: Yizhuo
> > ---
> > mm/memcontrol.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> > index 661f046ad318..bd84bdaed3b0 100644
> > --- a/mm/memcontrol.c
> > +++ b/mm/memcontrol.c
> > @@ -3665,7 +3665,7 @@ struct wb_domain *mem_cgroup_wb_domain(struct
> bdi_writeback *wb)
> > {
> > struct mem_cgroup *memcg = mem_cgroup_from_css(wb->memcg_css);
> >
> > - if (!memcg->css.parent)
> > + if (!memcg || !memcg->css.parent)
> > return NULL;
> >
> > return &memcg->cgwb_domain;
> > --
> > 2.17.1
> >
>
> --
> Michal Hocko
> SUSE Labs

--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside
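Review bot: The commit message should state the concrete path by which wb->memcg_css (and hence the memcg returned by mem_cgroup_from_css()) can be NULL at this call site; the only justification in the thread is that a static analysis tool flagged the dereference, which is exactly what the maintainer's question asks to go beyond. On the hunk itself, `if (!memcg || !memcg->css.parent)` is the right shape for a defensive check because the function already returns NULL for the root memcg, so callers must already cope with a NULL wb_domain and the added branch introduces no new return value. If no real NULL path exists, the change is dead code that hides a broken invariant; if one does exist, the description should name it, and a WARN_ON_ONCE() on the NULL case would make an unexpected hit visible in logs rather than silently skipping the cgroup's writeback domain.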