diff options
| author | Dave Jones <davej@redhat.com> | 2014-01-29 17:05:48 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-29 19:22:40 -0500 |
| commit | ba3253c78d7443d2c80c544b1e7aec9f39938395 (patch) | |
| tree | 450625e2e787ca1f9da46d97cec3967678a6a7e4 /mm | |
| parent | 49382d93852f1ba4a4fbbce20d094f600cc8aff8 (diff) | |
slab: fix wrong retval on kmem_cache_create_memcg error path
On kmem_cache_create_memcg() error path we set 'err', but leave 's' (the
new cache ptr) undefined. The latter can be NULL if we could not
allocate the cache, or pointing to a freed area if we failed somewhere
later while trying to initialize it. Initially we checked 'err'
immediately before exiting the function and returned NULL if it was set
ignoring the value of 's':
out_unlock:
...
if (err) {
/* report error */
return NULL;
}
return s;
Recently this check was, in fact, broken by commit f717eb3abb5e ("slab:
do not panic if we fail to create memcg cache"), which turned it to:
out_unlock:
...
if (err && !memcg) {
/* report error */
return NULL;
}
return s;
As a result, if we are failing creating a cache for a memcg, we will
skip the check and return 's' that can contain crap. Obviously, commit
f717eb3abb5e intended not to return crap on error allocating a cache for
a memcg, but only to remove the error reporting in this case, so the
check should look like this:
out_unlock:
...
if (err) {
if (!memcg)
return NULL;
/* report error */
return NULL;
}
return s;
[rientjes@google.com: despaghettification]
[vdavydov@parallels.com: patch monkeying]
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Reported-by: Dave Jones <davej@redhat.com>
Acked-by: Pekka Enberg <penberg@kernel.org>
Cc: Christoph Lameter <cl@linux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm')
| -rw-r--r-- | mm/slab_common.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/mm/slab_common.c b/mm/slab_common.c index 8e40321da091..1ec3c619ba04 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c | |||
| @@ -233,14 +233,17 @@ out_unlock: | |||
| 233 | mutex_unlock(&slab_mutex); | 233 | mutex_unlock(&slab_mutex); |
| 234 | put_online_cpus(); | 234 | put_online_cpus(); |
| 235 | 235 | ||
| 236 | /* | 236 | if (err) { |
| 237 | * There is no point in flooding logs with warnings or especially | 237 | /* |
| 238 | * crashing the system if we fail to create a cache for a memcg. In | 238 | * There is no point in flooding logs with warnings or |
| 239 | * this case we will be accounting the memcg allocation to the root | 239 | * especially crashing the system if we fail to create a cache |
| 240 | * cgroup until we succeed to create its own cache, but it isn't that | 240 | * for a memcg. In this case we will be accounting the memcg |
| 241 | * critical. | 241 | * allocation to the root cgroup until we succeed to create its |
| 242 | */ | 242 | * own cache, but it isn't that critical. |
| 243 | if (err && !memcg) { | 243 | */ |
| 244 | if (!memcg) | ||
| 245 | return NULL; | ||
| 246 | |||
| 244 | if (flags & SLAB_PANIC) | 247 | if (flags & SLAB_PANIC) |
| 245 | panic("kmem_cache_create: Failed to create slab '%s'. Error %d\n", | 248 | panic("kmem_cache_create: Failed to create slab '%s'. Error %d\n", |
| 246 | name, err); | 249 | name, err); |