Date: Thu, 22 Aug 2019 09:05:50 +0200
From: Michal Hocko
To: Yizhuo
Cc: csong@cs.ucr.edu, zhiyunq@cs.ucr.edu, Johannes Weiner, Vladimir Davydov, cgroups@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm/memcg: return value of the function mem_cgroup_from_css() is not checked
Message-ID: <20190822070550.GA12785@dhcp22.suse.cz>
In-Reply-To: <20190822062210.18649-1-yzhai003@ucr.edu>

On Wed 21-08-19 23:22:09, Yizhuo wrote:
> Inside function mem_cgroup_wb_domain(), the pointer memcg
> could be NULL via mem_cgroup_from_css(). However, this pointer is
> not checked and directly dereferenced in the if statement,
> which is potentially unsafe.

Could you describe circumstances when this would happen? The code is this way for 5 years without any issues. Are we just lucky or something has changed recently to make this happen?

> Signed-off-by: Yizhuo
> --- > mm/memcontrol.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c > index 661f046ad318..bd84bdaed3b0 100644 > --- a/mm/memcontrol.c > +++ b/mm/memcontrol.c > @@ -3665,7 +3665,7 @@ struct wb_domain *mem_cgroup_wb_domain(struct bdi_writeback *wb) > { > struct mem_cgroup *memcg = mem_cgroup_from_css(wb->memcg_css); > > - if (!memcg->css.parent) > + if (!memcg || !memcg->css.parent) > return NULL; > > return &memcg->cgwb_domain; > -- > 2.17.1 >

--
Michal Hocko
SUSE Labs
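
Review bot: the new !memcg test in the if statement of mem_cgroup_wb_domain() has no stated trigger. The changelog says memcg "could be NULL via mem_cgroup_from_css()" but names no path on which wb->memcg_css produces a NULL result, so the commit message should describe that path and say whether it was observed or only inferred from the code. With this change a NULL memcg also returns NULL exactly like the !memcg->css.parent case, so a caller cannot tell the two apart. If a NULL here would mean a broken invariant rather than a valid state, the silent return hides it, and the changelog (or a short comment above the check) should state which of the two is intended.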