Re: [PATCH v3 7/9] mm/page_owner: avoid null pointer dereference

[Andrew Morton]

On Fri, 17 Jun 2016 15:32:20 +0200 Vlastimil Babka <vba...@suse.cz> wrote:

> On 06/17/2016 09:57 AM, js1...@gmail.com wrote:
> > From: Sudip Mukherjee <sudipm.mukher...@gmail.com>
> >
> > We have dereferenced page_ext before checking it. Lets check it first
> > and then used it.
> >
> > Link: 
> > http://lkml.kernel.org/r/1465249059-7883-1-git-send-email-sudipm.mukher...@gmail.com
> > Signed-off-by: Sudip Mukherjee <sudip.mukher...@codethink.co.uk>
> > Signed-off-by: Joonsoo Kim <iamjoonsoo....@lge.com>
> 
> Hmm, this is already in mmotm as 
> http://www.ozlabs.org/~akpm/mmotm/broken-out/mm-page_owner-use-stackdepot-to-store-stacktrace-fix.patch
> 
> But imho it's fixing a problem not related to your patch, but something that 
> the 
> commit f86e4271978b missed. So it should separately go to 4.7 ASAP.
> 
> Acked-by: Vlastimil Babka <vba...@suse.cz>
> Fixes: f86e4271978b ("mm: check the return value of lookup_page_ext for all 
> call 
> sites")

Thanks, I reordered Sudip's patch.



From: Sudip Mukherjee <sudipm.mukher...@gmail.com>
Subject: mm/page_owner: avoid null pointer dereference

We have dereferenced page_ext before checking it. Lets check it first
and then used it.

Fixes: f86e4271978b ("mm: check the return value of lookup_page_ext for all 
call sites")
Link: 
http://lkml.kernel.org/r/1465249059-7883-1-git-send-email-sudipm.mukher...@gmail.com
Signed-off-by: Sudip Mukherjee <sudip.mukher...@codethink.co.uk>
Acked-by: Vlastimil Babka <vba...@suse.cz>
Cc: Joonsoo Kim <iamjoonsoo....@lge.com>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
---

 mm/page_owner.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff -puN mm/page_owner.c~mm-page_owner-use-stackdepot-to-store-stacktrace-fix 
mm/page_owner.c
--- a/mm/page_owner.c~mm-page_owner-use-stackdepot-to-store-stacktrace-fix
+++ a/mm/page_owner.c
@@ -207,13 +207,15 @@ void __dump_page_owner(struct page *page
                .nr_entries = page_ext->nr_entries,
                .entries = &page_ext->trace_entries[0],
        };
-       gfp_t gfp_mask = page_ext->gfp_mask;
-       int mt = gfpflags_to_migratetype(gfp_mask);
+       gfp_t gfp_mask;
+       int mt;
 
        if (unlikely(!page_ext)) {
                pr_alert("There is not page extension available.\n");
                return;
        }
+       gfp_mask = page_ext->gfp_mask;
+       mt = gfpflags_to_migratetype(gfp_mask);
 
        if (!test_bit(PAGE_EXT_OWNER, &page_ext->flags)) {
                pr_alert("page_owner info is not active (free page?)\n");
_