    memcg: css_alloc should return an ERR_PTR value on error · ea3a9645
    Tejun Heo authored
    mem_cgroup_css_alloc() was returning NULL on failure while cgroup core
    expected it to return an ERR_PTR value leading to the following NULL
    deref after a css allocation failure.  Fix it by returning
    ERR_PTR(-ENOMEM) instead.  I'll also update cgroup core so that it
    can handle NULL returns.
    
      mkdir: page allocation failure: order:6, mode:0x240c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO)
      CPU: 0 PID: 8738 Comm: mkdir Not tainted 4.7.0-rc3+ #123
      ...
      Call Trace:
        dump_stack+0x68/0xa1
        warn_alloc_failed+0xd6/0x130
        __alloc_pages_nodemask+0x4c6/0xf20
        alloc_pages_current+0x66/0xe0
        alloc_kmem_pages+0x14/0x80
        kmalloc_order_trace+0x2a/0x1a0
        __kmalloc+0x291/0x310
        memcg_update_all_caches+0x6c/0x130
        mem_cgroup_css_alloc+0x590/0x610
        cgroup_apply_control_enable+0x18b/0x370
        cgroup_mkdir+0x1de/0x2e0
        kernfs_iop_mkdir+0x55/0x80
        vfs_mkdir+0xb9/0x150
        SyS_mkdir+0x66/0xd0
        do_syscall_64+0x53/0x120
        entry_SYSCALL64_slow_path+0x25/0x25
      ...
      BUG: unable to handle kernel NULL pointer dereference at 00000000000000d0
      IP:  init_and_link_css+0x37/0x220
      PGD 34b1e067 PUD 3a109067 PMD 0
      Oops: 0002 [#1] SMP
      Modules linked in:
      CPU: 0 PID: 8738 Comm: mkdir Not tainted 4.7.0-rc3+ #123
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.2-20160422_131301-anatol 04/01/2014
      task: ffff88007cbc5200 ti: ffff8800666d4000 task.ti: ffff8800666d4000
      RIP: 0010:[<ffffffff810f2ca7>]  [<ffffffff810f2ca7>] init_and_link_css+0x37/0x220
      RSP: 0018:ffff8800666d7d90  EFLAGS: 00010246
      RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
      RDX: ffffffff810f2499 RSI: 0000000000000000 RDI: 0000000000000008
      RBP: ffff8800666d7db8 R08: 0000000000000003 R09: 0000000000000000
      R10: 0000000000000001 R11: 0000000000000000 R12: ffff88005a5fb400
      R13: ffffffff81f0f8a0 R14: ffff88005a5fb400 R15: 0000000000000010
      FS:  00007fc944689700(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f3aed0d2b80 CR3: 000000003a1e8000 CR4: 00000000000006f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
        cgroup_apply_control_enable+0x1ac/0x370
        cgroup_mkdir+0x1de/0x2e0
        kernfs_iop_mkdir+0x55/0x80
        vfs_mkdir+0xb9/0x150
        SyS_mkdir+0x66/0xd0
        do_syscall_64+0x53/0x120
        entry_SYSCALL64_slow_path+0x25/0x25
      Code: 89 f5 48 89 fb 49 89 d4 48 83 ec 08 8b 05 72 3b d8 00 85 c0 0f 85 60 01 00 00 4c 89 e7 e8 72 f7 ff ff 48 8d 7b 08 48 89 d9 31 c0 <48> c7 83 d0 00 00 00 00 00 00 00 48 83 e7 f8 48 29 f9 81 c1 d8
      RIP   init_and_link_css+0x37/0x220
       RSP <ffff8800666d7d90>
      CR2: 00000000000000d0
      ---[ end trace a2d8836ae1e852d1 ]---
    
    Link: http://lkml.kernel.org/r/20160621165740.GJ3262@mtj.duckdns.org
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Reported-by: Johannes Weiner <hannes@cmpxchg.org>
    Reviewed-by: Vladimir Davydov <vdavydov@virtuozzo.com>
    Acked-by: Johannes Weiner <hannes@cmpxchg.org>
    Acked-by: Michal Hocko <mhocko@suse.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kasan
Kconfig
Kconfig.debug
Makefile
backing-dev.c
balloon_compaction.c
bootmem.c
cleancache.c
cma.c
cma.h
cma_debug.c
compaction.c
debug.c
debug_page_ref.c
dmapool.c
early_ioremap.c
fadvise.c
failslab.c
filemap.c
frame_vector.c
frontswap.c
gup.c
highmem.c
huge_memory.c
hugetlb.c
hugetlb_cgroup.c
hwpoison-inject.c
init-mm.c
internal.h
interval_tree.c
kmemcheck.c
kmemleak-test.c
kmemleak.c
ksm.c
list_lru.c
maccess.c
madvise.c
memblock.c
memcontrol.c
memory-failure.c
memory.c
memory_hotplug.c
mempolicy.c
mempool.c
memtest.c
migrate.c
mincore.c
mlock.c
mm_init.c
mmap.c
mmu_context.c
mmu_notifier.c
mmzone.c
mprotect.c
mremap.c
msync.c
nobootmem.c
nommu.c
oom_kill.c
page-writeback.c
page_alloc.c
page_counter.c
page_ext.c
page_idle.c
page_io.c
page_isolation.c
page_owner.c
page_poison.c
pagewalk.c
percpu-km.c
percpu-vm.c
percpu.c
pgtable-generic.c
process_vm_access.c
quicklist.c
readahead.c
rmap.c
shmem.c
slab.c
slab.h
slab_common.c
slob.c
slub.c
sparse-vmemmap.c
sparse.c
swap.c
swap_cgroup.c
swap_state.c
swapfile.c
truncate.c
userfaultfd.c
util.c
vmacache.c
vmalloc.c
vmpressure.c
vmscan.c
vmstat.c
workingset.c
z3fold.c
zbud.c
zpool.c
zsmalloc.c
zswap.c