slub: avoid potential NULL dereference or corruption
show_slab_objects() can trigger NULL dereferences or memory corruption. Another cpu can change its c->page to NULL or c->node to NUMA_NO_NODE while we use them. Use ACCESS_ONCE(c->page) and ACCESS_ONCE(c->node) to make sure this cannot happen. Acked-by: Christoph Lameter <cl@linux.com> Acked-by: David Rientjes <rientjes@google.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Pekka Enberg <penberg@kernel.org>
This commit is contained in:
parent
42d623a8cd
commit
bc6697d8a5
17
mm/slub.c
17
mm/slub.c
@ -4444,30 +4444,31 @@ static ssize_t show_slab_objects(struct kmem_cache *s,
|
||||
|
||||
for_each_possible_cpu(cpu) {
|
||||
struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab, cpu);
|
||||
int node = ACCESS_ONCE(c->node);
|
||||
struct page *page;
|
||||
|
||||
if (!c || c->node < 0)
|
||||
if (node < 0)
|
||||
continue;
|
||||
|
||||
if (c->page) {
|
||||
page = ACCESS_ONCE(c->page);
|
||||
if (page) {
|
||||
if (flags & SO_TOTAL)
|
||||
x = c->page->objects;
|
||||
x = page->objects;
|
||||
else if (flags & SO_OBJECTS)
|
||||
x = c->page->inuse;
|
||||
x = page->inuse;
|
||||
else
|
||||
x = 1;
|
||||
|
||||
total += x;
|
||||
nodes[c->node] += x;
|
||||
nodes[node] += x;
|
||||
}
|
||||
page = c->partial;
|
||||
|
||||
if (page) {
|
||||
x = page->pobjects;
|
||||
total += x;
|
||||
nodes[c->node] += x;
|
||||
nodes[node] += x;
|
||||
}
|
||||
per_cpu[c->node]++;
|
||||
per_cpu[node]++;
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user