iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Roman Gushchin 5f79489a73 mm: kmem: properly initialize local objcg variable in current_obj_cgroup() 
Erhard reported that the 6.7-rc1 kernel panics on boot if being
built with clang-16. The problem was not reproducible with gcc.

[    5.975049] general protection fault, probably for non-canonical address 0xf555515555555557: 0000 [#1] SMP KASAN PTI
[    5.976422] KASAN: maybe wild-memory-access in range [0xaaaaaaaaaaaaaab8-0xaaaaaaaaaaaaaabf]
[    5.977475] CPU: 3 PID: 1 Comm: systemd Not tainted 6.7.0-rc1-Zen3 #77
[    5.977860] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[    5.977860] RIP: 0010:obj_cgroup_charge_pages+0x27/0x2d5
[    5.977860] Code: 90 90 90 55 41 57 41 56 41 55 41 54 53 89 d5 41 89 f6 49 89 ff 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4d3
[    5.977860] RSP: 0018:ffffc9000001fb18 EFLAGS: 00010a02
[    5.977860] RAX: dffffc0000000000 RBX: aaaaaaaaaaaaaaaa RCX: ffff8883eb9a8b08
[    5.977860] RDX: 0000000000000005 RSI: 0000000000400cc0 RDI: aaaaaaaaaaaaaaaa
[    5.977860] RBP: 0000000000000005 R08: 3333333333333333 R09: 0000000000000000
[    5.977860] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8883eb9a8b18
[    5.977860] R13: 1555555555555557 R14: 0000000000400cc0 R15: aaaaaaaaaaaaaaba
[    5.977860] FS:  00007f2976438b40(0000) GS:ffff8883eb980000(0000) knlGS:0000000000000000
[    5.977860] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.977860] CR2: 00007f29769e0060 CR3: 0000000107222003 CR4: 0000000000370eb0
[    5.977860] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    5.977860] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    5.977860] Call Trace:
[    5.977860]  <TASK>
[    5.977860]  ? __die_body+0x16/0x75
[    5.977860]  ? die_addr+0x4a/0x70
[    5.977860]  ? exc_general_protection+0x1c9/0x2d0
[    5.977860]  ? cgroup_mkdir+0x455/0x9fb
[    5.977860]  ? __x64_sys_mkdir+0x69/0x80
[    5.977860]  ? asm_exc_general_protection+0x26/0x30
[    5.977860]  ? obj_cgroup_charge_pages+0x27/0x2d5
[    5.977860]  obj_cgroup_charge+0x114/0x1ab
[    5.977860]  pcpu_alloc+0x1a6/0xa65
[    5.977860]  ? mem_cgroup_css_alloc+0x1eb/0x1140
[    5.977860]  ? cgroup_apply_control_enable+0x26b/0x7c0
[    5.977860]  mem_cgroup_css_alloc+0x23f/0x1140
[    5.977860]  cgroup_apply_control_enable+0x26b/0x7c0
[    5.977860]  ? cgroup_kn_set_ugid+0x2d/0x1a0
[    5.977860]  cgroup_mkdir+0x455/0x9fb
[    5.977860]  ? __cfi_cgroup_mkdir+0x10/0x10
[    5.977860]  kernfs_iop_mkdir+0x130/0x170
[    5.977860]  vfs_mkdir+0x405/0x530
[    5.977860]  do_mkdirat+0x188/0x1f0
[    5.977860]  __x64_sys_mkdir+0x69/0x80
[    5.977860]  do_syscall_64+0x7d/0x100
[    5.977860]  ? do_syscall_64+0x89/0x100
[    5.977860]  ? do_syscall_64+0x89/0x100
[    5.977860]  ? do_syscall_64+0x89/0x100
[    5.977860]  ? do_syscall_64+0x89/0x100
[    5.977860]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[    5.977860] RIP: 0033:0x7f297671defb
[    5.977860] Code: 8b 05 39 7f 0d 00 bb ff ff ff ff 64 c7 00 16 00 00 00 e9 61 ff ff ff e8 23 0c 02 00 0f 1f 00 f3 0f 1e fa b88
[    5.977860] RSP: 002b:00007ffee6242bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[    5.977860] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f297671defb
[    5.977860] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 000055c6b449f0e0
[    5.977860] RBP: 00007ffee6242bf0 R08: 000000000000000e R09: 0000000000000000
[    5.977860] R10: 0000000000000000 R11: 0000000000000246 R12: 000055c6b445db80
[    5.977860] R13: 00000000000003a0 R14: 00007f2976a68651 R15: 00000000000003a0
[    5.977860]  </TASK>
[    5.977860] Modules linked in:
[    6.014095] ---[ end trace 0000000000000000 ]---
[    6.014701] RIP: 0010:obj_cgroup_charge_pages+0x27/0x2d5
[    6.015348] Code: 90 90 90 55 41 57 41 56 41 55 41 54 53 89 d5 41 89 f6 49 89 ff 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4d3
[    6.017575] RSP: 0018:ffffc9000001fb18 EFLAGS: 00010a02
[    6.018255] RAX: dffffc0000000000 RBX: aaaaaaaaaaaaaaaa RCX: ffff8883eb9a8b08
[    6.019120] RDX: 0000000000000005 RSI: 0000000000400cc0 RDI: aaaaaaaaaaaaaaaa
[    6.019983] RBP: 0000000000000005 R08: 3333333333333333 R09: 0000000000000000
[    6.020849] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8883eb9a8b18
[    6.021747] R13: 1555555555555557 R14: 0000000000400cc0 R15: aaaaaaaaaaaaaaba
[    6.022609] FS:  00007f2976438b40(0000) GS:ffff8883eb980000(0000) knlGS:0000000000000000
[    6.023593] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    6.024296] CR2: 00007f29769e0060 CR3: 0000000107222003 CR4: 0000000000370eb0
[    6.025279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    6.026139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    6.027000] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

Actually the problem is caused by uninitialized local variable in
current_obj_cgroup().  If the root memory cgroup is set as an active
memory cgroup for a charging scope (as in the trace, where systemd tries
to create the first non-root cgroup, so the parent cgroup is the root
cgroup), the "for" loop is skipped and uninitialized objcg is returned,
causing a panic down the accounting stack.

The fix is trivial: initialize the objcg variable to NULL unconditionally
before the "for" loop.

[vbabka@suse.cz: remove redundant assignment]
  Link: https://lkml.kernel.org/r/4bd106d5-c3e3-6731-9a74-cff81e2392de@suse.cz
Link: https://lkml.kernel.org/r/20231116025109.3775055-1-roman.gushchin@linux.dev
Fixes: e86828e5446d ("mm: kmem: scoped objcg protection")
Signed-off-by: Roman Gushchin (Cruise) <roman.gushchin@linux.dev>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Closes: https://github.com/ClangBuiltLinux/linux/issues/1959
Tested-by:  Erhard Furtner <erhard_f@mailbox.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Shakeel Butt <shakeelb@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Dennis Zhou <dennis@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Muchun Song <muchun.song@linux.dev>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-12-06 16:12:44 -08:00
..
damon
mm/damon/core.c: avoid unintentional filtering out of schemes
2023-11-15 15:30:09 -08:00
kasan
Many singleton patches against the MM code. The patch series which are
2023-11-02 19:38:47 -10:00
kfence
LoongArch changes for v6.6
2023-09-08 12:16:52 -07:00
kmsan
mm: kmsan: panic on failure to allocate early boot metadata
2023-10-25 16:47:10 -07:00
backing-dev.c
writeback: remove redundant checks for root memcg
2023-08-21 13:37:48 -07:00
balloon_compaction.c
bootmem_info.c
bootmem: use kmemleak_free_part_phys in put_page_bootmem
2023-10-25 16:47:13 -07:00
cma_debug.c
cma_sysfs.c
mm: cma: make kobj_type structure constant
2023-03-28 16:20:06 -07:00
cma.c
mm/cma: use nth_page() in place of direct struct page manipulation
2023-10-04 10:32:29 -07:00
cma.h
compaction.c
mm/compaction: factor out code to test if we should run compaction for target order
2023-10-04 10:32:19 -07:00
debug_page_alloc.c
mm: page_alloc: split out DEBUG_PAGEALLOC
2023-06-09 16:25:23 -07:00
debug_page_ref.c
debug_vm_pgtable.c
mm: fix multiple typos in multiple files
2023-10-25 16:47:14 -07:00
debug.c
mm: update validate_mm() to use vma iterator
2023-06-09 16:25:31 -07:00
dmapool_test.c
dmapool: add alloc/free performance test
2023-04-05 19:42:38 -07:00
dmapool.c
dmapool: create/destroy cleanup
2023-06-09 16:25:17 -07:00
early_ioremap.c
mm/early_ioremap.c: improve the execution efficiency of early_ioremap_setup()
2023-06-09 16:25:56 -07:00
fadvise.c
mm: remove unnecessary pagevec includes
2023-06-23 16:59:31 -07:00
fail_page_alloc.c
mm: page_alloc: split out FAIL_PAGE_ALLOC
2023-06-09 16:25:23 -07:00
failslab.c
mm: fix unexpected changes to {failslab|fail_page_alloc}.attr
2022-11-22 18:50:44 -08:00
filemap.c
mm: more ptep_get() conversion
2023-11-15 15:30:09 -08:00
folio-compat.c
filemap: Add fgf_t typedef
2023-07-24 18:04:30 -04:00
gup_test.c
Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes.
2023-06-23 16:58:19 -07:00
gup_test.h
mm/gup_test: start/stop/read functionality for PIN LONGTERM test
2022-11-08 17:37:15 -08:00
gup.c
mm/gup: make failure to pin an error if FOLL_NOWAIT not specified
2023-10-18 14:34:15 -07:00
highmem.c
mm: ptep_get() conversion
2023-06-19 16:19:25 -07:00
hmm.c
mm: enable page walking API to lock vmas during the walk
2023-08-21 13:07:20 -07:00
huge_memory.c
mm: fix for negative counter: nr_file_hugepages
2023-11-15 15:30:09 -08:00
hugetlb_cgroup.c
mm, hugetlb: remove HUGETLB_CGROUP_MIN_ORDER
2023-10-18 14:34:17 -07:00
hugetlb_vmemmap.c
hugetlb_vmemmap: use folio argument for hugetlb_vmemmap_* functions
2023-10-25 16:47:08 -07:00
hugetlb_vmemmap.h
mm: hugetlb_vmemmap: fix reference to nonexistent file
2023-10-25 16:47:14 -07:00
hugetlb.c
hugetlb: fix null-ptr-deref in hugetlb_vma_lock_write
2023-12-06 16:12:43 -08:00
hwpoison-inject.c
init-mm.c
mm: move dummy_vm_ops out of a header
2023-08-21 13:37:46 -07:00
internal.h
mm: add page_rmappable_folio() wrapper
2023-10-25 16:47:16 -07:00
interval_tree.c
io-mapping.c
ioremap.c
mm: ioremap: remove unneeded ioremap_allowed and iounmap_allowed
2023-08-18 10:12:36 -07:00
Kconfig
mm: restrict the pcp batch scale factor to avoid too long latency
2023-10-25 16:47:10 -07:00
Kconfig.debug
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
2023-05-29 16:14:28 +01:00
khugepaged.c
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
kmemleak.c
mm/kmemleak: move set_track_prepare() outside raw_spinlocks
2023-12-06 16:12:44 -08:00
ksm.c
mm: more ptep_get() conversion
2023-11-15 15:30:09 -08:00
list_lru.c
maccess.c
mm: Fix copy_from_user_nofault().
2023-04-12 17:36:23 -07:00
madvise.c
mm: drop the assumption that VM_SHARED always implies writable
2023-10-18 14:34:19 -07:00
Makefile
mm: vmscan: move shrinker-related code into a separate file
2023-10-04 10:32:23 -07:00
mapping_dirty_helpers.c
mm: fix clean_record_shared_mapping_range kernel-doc
2023-08-24 16:20:30 -07:00
memblock.c
memblock: report failures when memblock_can_resize is not set
2023-11-08 09:40:13 -08:00
memcontrol.c
mm: kmem: properly initialize local objcg variable in current_obj_cgroup()
2023-12-06 16:12:44 -08:00
memfd.c
memfd: drop warning for missing exec-related flags
2023-10-04 10:32:22 -07:00
memory_hotplug.c
mm: memory_hotplug: drop memoryless node from fallback lists
2023-10-25 16:47:14 -07:00
memory-failure.c
mm: convert DAX lock/unlock page to lock/unlock folio
2023-10-04 10:32:20 -07:00
memory-tiers.c
dax, kmem: calculate abstract distance with general interface
2023-10-16 15:44:39 -07:00
memory.c
mm/memory.c:zap_pte_range() print bad swap entry
2023-12-06 16:12:43 -08:00
mempolicy.c
Many singleton patches against the MM code. The patch series which are
2023-11-02 19:38:47 -10:00
mempool.c
mempool: do not use ksize() for poisoning
2022-11-30 15:58:41 -08:00
memremap.c
mm/memremap.c: fix outdated comment in devm_memremap_pages
2023-02-09 16:51:46 -08:00
memtest.c
mm: memtest: convert to memtest_report_meminfo()
2023-08-21 13:37:47 -07:00
migrate_device.c
Add x86 shadow stack support
2023-08-31 12:20:12 -07:00
migrate.c
mm: migrate: record the mlocked page status to remove unnecessary lru drain
2023-10-25 16:47:14 -07:00
mincore.c
mm: enable page walking API to lock vmas during the walk
2023-08-21 13:07:20 -07:00
mlock.c
mm: mlock: avoid folio_within_range() on KSM pages
2023-10-25 16:47:14 -07:00
mm_init.c
mm: hugetlb: skip initialization of gigantic tail struct pages if freed by HVO
2023-10-04 10:32:30 -07:00
mm_slot.h
mmap_lock.c
mmap.c
Many singleton patches against the MM code. The patch series which are
2023-11-02 19:38:47 -10:00
mmu_gather.c
mm: fix kernel-doc warning from tlb_flush_rmaps()
2023-08-24 16:20:30 -07:00
mmu_notifier.c
mmu_notifiers: rename invalidate_range notifier
2023-08-18 10:12:41 -07:00
mmzone.c
mm: remove page_cpupid_xchg_last()
2023-10-25 16:47:13 -07:00
mprotect.c
mm: mprotect: use a folio in change_pte_range()
2023-10-25 16:47:12 -07:00
mremap.c
mm: abstract VMA merge and extend into vma_merge_extend() helper
2023-10-18 14:34:18 -07:00
msync.c
nommu.c
Many singleton patches against the MM code. The patch series which are
2023-11-02 19:38:47 -10:00
oom_kill.c
mm/oom_killer: simplify OOM killer info dump helper
2023-10-25 16:47:10 -07:00
page_alloc.c
mm: add page_rmappable_folio() wrapper
2023-10-25 16:47:16 -07:00
page_counter.c
page_ext.c
mm/page_ext: move functions around for minor cleanups to page_ext
2023-08-18 10:12:31 -07:00
page_idle.c
mm: page_idle: convert page idle to use a folio
2023-01-18 17:12:52 -08:00
page_io.c
mm: memcg: add THP swap out info for anonymous reclaim
2023-10-04 10:32:27 -07:00
page_isolation.c
mm/hugetlb: get rid of page_hstate()
2023-08-18 10:12:39 -07:00
page_owner.c
mm/page_owner: remove free_ts from page_owner output
2023-10-18 14:34:19 -07:00
page_poison.c
mm/page_poison: remove unused page_ext.h from page_poison
2023-08-21 13:37:30 -07:00
page_reporting.c
mm, treewide: redefine MAX_ORDER sanely
2023-04-05 19:42:46 -07:00
page_reporting.h
page_table_check.c
mm: convert page_table_check_pte_set() to page_table_check_ptes_set()
2023-08-24 16:20:18 -07:00
page_vma_mapped.c
mm: correct stale comment of function check_pte
2023-08-18 10:12:13 -07:00
page-writeback.c
filemap: add a per-mapping stable writes flag
2023-11-20 15:05:18 +01:00
pagewalk.c
mm/pagewalk: fix bootstopping regression from extra pte_unmap()
2023-09-02 08:39:21 -07:00
percpu-internal.h
percpu-internal/pcpu_chunk: re-layout pcpu_chunk structure to reduce false sharing
2023-06-19 16:19:29 -07:00
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
Many singleton patches against the MM code. The patch series which are
2023-11-02 19:38:47 -10:00
pgalloc-track.h
pgtable-generic.c
mm/pgtable: notes on pte_offset_map[_lock]()
2023-08-18 10:12:25 -07:00
process_vm_access.c
mm/gup: remove unused vmas parameter from pin_user_pages_remote()
2023-06-09 16:25:25 -07:00
ptdump.c
mm: ptdump should use ptep_get_lockless()
2023-06-19 16:19:24 -07:00
readahead.c
vfs: fix readahead(2) on block devices
2023-10-19 11:02:49 +02:00
rmap.c
mm/rmap: convert page_move_anon_rmap() to folio_move_anon_rmap()
2023-10-18 14:34:14 -07:00
rodata_test.c
secretmem.c
mm/secretmem: use a folio in secretmem_fault()
2023-08-21 13:38:02 -07:00
shmem_quota.c
shmem: Add default quota limit mount options
2023-08-09 09:15:40 +02:00
shmem.c
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
show_mem.c
mm: refactor si_mem_available()
2023-10-04 10:32:19 -07:00
shrinker_debug.c
mm: shrinker: convert shrinker_rwsem to mutex
2023-10-04 10:32:26 -07:00
shrinker.c
mm: shrinker: convert shrinker_rwsem to mutex
2023-10-04 10:32:26 -07:00
shuffle.c
mm/shuffle: convert module_param_call to module_param_cb
2022-10-03 14:03:07 -07:00
shuffle.h
mm, treewide: redefine MAX_ORDER sanely
2023-04-05 19:42:46 -07:00
slab_common.c
RCU pull request for v6.7
2023-10-30 18:01:41 -10:00
slab.c
Randomized slab caches for kmalloc()
2023-07-18 10:07:47 +02:00
slab.h
mm: kmem: scoped objcg protection
2023-10-25 16:47:11 -07:00
slub.c
mm/slub: refactor calculate_order() and calc_slab_order()
2023-10-02 11:55:47 +02:00
sparse-vmemmap.c
mm/vmemmap: allow architectures to override how vmemmap optimization works
2023-08-18 10:12:53 -07:00
sparse.c
mm/sparse: remove redundant judgments from macro for_each_present_section_nr
2023-08-18 10:12:14 -07:00
swap_cgroup.c
mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
2022-10-03 14:03:36 -07:00
swap_slots.c
swap_state.c
mempolicy: alloc_pages_mpol() for NUMA policy without vma
2023-10-25 16:47:16 -07:00
swap.c
mm: remove references to pagevec
2023-06-23 16:59:30 -07:00
swap.h
mempolicy: alloc_pages_mpol() for NUMA policy without vma
2023-10-25 16:47:16 -07:00
swapfile.c
mm/swap: Convert to use bdev_open_by_dev()
2023-10-28 13:29:19 +02:00
truncate.c
- Some swap cleanups from Ma Wupeng ("fix WARN_ON in add_to_avail_list")
2023-08-29 14:25:26 -07:00
usercopy.c
mm: Fix copy_from_user_nofault().
2023-04-12 17:36:23 -07:00
userfaultfd.c
mm: more ptep_get() conversion
2023-11-15 15:30:09 -08:00
util.c
parisc: fix mmap_base calculation when stack grows upwards
2023-11-15 15:30:09 -08:00
vmalloc.c
mm/vmalloc: fix the unchecked dereference warning in vread_iter()
2023-11-01 12:38:35 -07:00
vmpressure.c
net-memcg: Fix scope of sockmem pressure indicators
2023-08-16 12:21:32 +01:00
vmscan.c
mm: multi-gen LRU: reuse some legacy trace events
2023-10-18 14:34:14 -07:00
vmstat.c
mm: tune PCP high automatically
2023-10-25 16:47:10 -07:00
workingset.c
mm: workingset: dynamically allocate the mm-shadow shrinker
2023-10-04 10:32:24 -07:00
z3fold.c
mm/z3fold: remove obsolete comment for struct z3fold_pool
2023-08-21 13:37:51 -07:00
zbud.c
mm: zswap: remove shrink from zpool interface
2023-06-19 16:19:27 -07:00
zpool.c
mm: zswap: remove shrink from zpool interface
2023-06-19 16:19:27 -07:00
zsmalloc.c
zsmalloc: use copy_page for full page copy
2023-10-18 14:34:16 -07:00
zswap.c
zswap: export compression failure stats
2023-11-01 12:38:35 -07:00