Return-Path: <linux-rt-users-owner@vger.kernel.org>
Received: from rack3slot8.osadl.org (rack3slot8.osadl.org [127.0.0.1])
by rack3slot8.osadl.org (8.13.8/8.13.8/CE-2010120801) with ESMTP id r1DGFPT6032536
for <ce@thllin.ceag.ch>; Wed, 13 Feb 2013 17:15:25 +0100
Received: from toro.web-alm.net (uucp@localhost)
by rack3slot8.osadl.org (8.13.8/8.13.8/Submit) with bsmtp id r1DGFPlZ032530
for ce@mailgate.computer-experts.de; Wed, 13 Feb 2013 17:15:25 +0100
Received: from www.osadl.org (www.osadl.org [62.245.132.105])
by toro.web-alm.net (8.12.11.20060308/8.12.11/Web-Alm-2003112001) with ESMTP id r1DGENvd006880
for <ce@ceag.ch>; Wed, 13 Feb 2013 17:14:23 +0100
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by www.osadl.org (8.13.8/8.13.8/OSADL-2007092901) with ESMTP id r1DGEAql023942
for <Carsten.Emde@osadl.org>; Wed, 13 Feb 2013 17:14:19 +0100
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S934386Ab3BMQNX (ORCPT <rfc822;Carsten.Emde@osadl.org>);
Wed, 13 Feb 2013 11:13:23 -0500
Received: from www.linutronix.de ([62.245.132.108]:59743 "EHLO
Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S934383Ab3BMQNU (ORCPT
<rfc822;linux-rt-users@vger.kernel.org>);
Wed, 13 Feb 2013 11:13:20 -0500
Received: from localhost ([127.0.0.1] helo=localhost.localdomain)
by Galois.linutronix.de with esmtp (Exim 4.72)
(envelope-from <bigeasy@linutronix.de>)
id 1U5exQ-0005iT-Uh; Wed, 13 Feb 2013 17:13:17 +0100
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-kernel@vger.kernel.org, linux-rt-users@vger.kernel.org,
Carsten Emde <C.Emde@osadl.org>, Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Subject: [PATCH 09/16] FIX [1/2] slub: Do not dereference NULL pointer in node_match
Date: Wed, 13 Feb 2013 17:12:04 +0100
Message-Id: <1360771932-27150-10-git-send-email-bigeasy@linutronix.de>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1360771932-27150-1-git-send-email-bigeasy@linutronix.de>
References: <1360771932-27150-1-git-send-email-bigeasy@linutronix.de>
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-rt-users-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rt-users.vger.kernel.org>
X-Mailing-List: linux-rt-users@vger.kernel.org
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on rack3slot8.osadl.org
X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on rack3slot8.osadl.org
X-Virus-Status: Clean
From: Christoph Lameter <cl@linux.com>
The variables accessed in slab_alloc are volatile and therefore
the page pointer passed to node_match can be NULL. The processing
of data in slab_alloc is tentative until either the cmpxhchg
succeeds or the __slab_alloc slowpath is invoked. Both are
able to perform the same allocation from the freelist.
Check for the NULL pointer in node_match.
A false positive will lead to a retry of the loop in __slab_alloc.
Signed-off-by: Christoph Lameter <cl@linux.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[bigeasy@linutronix: replace page with c->page]
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
mm/slub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-3.2.35-rt53/mm/slub.c
===================================================================
@ linux-3.2.35-rt53/mm/slub.c:2041 @ static void flush_all(struct kmem_cache
static inline int node_match(struct kmem_cache_cpu *c, int node)
{
#ifdef CONFIG_NUMA
- if (node != NUMA_NO_NODE && c->node != node)
+ if (!c->page || (node != NUMA_NO_NODE && c->node != node))
return 0;
#endif
return 1;