| Subject: FIX [1/2] slub: Do not dereference NULL pointer in node_match |
| From: Christoph Lameter <cl@linux.com> |
| Date: Wed, 23 Jan 2013 21:45:47 +0000 |
| |
| The variables accessed in slab_alloc are volatile and therefore |
| the page pointer passed to node_match can be NULL. The processing |
| of data in slab_alloc is tentative until either the cmpxhchg |
| succeeds or the __slab_alloc slowpath is invoked. Both are |
| able to perform the same allocation from the freelist. |
| |
| Check for the NULL pointer in node_match. |
| |
| A false positive will lead to a retry of the loop in __slab_alloc. |
| |
| Signed-off-by: Christoph Lameter <cl@linux.com> |
| Cc: Steven Rostedt <rostedt@goodmis.org> |
| Cc: Pekka Enberg <penberg@kernel.org> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| |
| Index: linux/mm/slub.c |
| =================================================================== |
| --- linux.orig/mm/slub.c 2013-01-18 08:47:29.198954250 -0600 |
| +++ linux/mm/slub.c 2013-01-18 08:47:40.579126371 -0600 |
| @@ -2041,7 +2041,7 @@ static void flush_all(struct kmem_cache |
| static inline int node_match(struct page *page, int node) |
| { |
| #ifdef CONFIG_NUMA |
| - if (node != NUMA_NO_NODE && page_to_nid(page) != node) |
| + if (!page || (node != NUMA_NO_NODE && page_to_nid(page) != node)) |
| return 0; |
| #endif |
| return 1; |
| |
| -- |
| To unsubscribe from this list: send the line "unsubscribe linux-rt-users" in |
| the body of a message to majordomo@vger.kernel.org |
| More majordomo info at http://vger.kernel.org/majordomo-info.html |
| |
| |
