projects
/
linux-2.6-microblaze.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
84697bf
)
cgroup/dmem: fix NULL pointer dereference when setting max
author
Chen Ridong
<chenridong@huawei.com>
Mon, 2 Feb 2026 12:27:16 +0000
(12:27 +0000)
committer
Tejun Heo
<tj@kernel.org>
Mon, 2 Feb 2026 16:02:42 +0000
(06:02 -1000)
An issue was triggered:
BUG: kernel NULL pointer dereference, address:
0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] SMP NOPTI
CPU: 15 UID: 0 PID: 658 Comm: bash Tainted: 6.19.0-rc6-next-
2026012
Tainted: [O]=OOT_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
RIP: 0010:strcmp+0x10/0x30
RSP: 0018:
ffffc900017f7dc0
EFLAGS:
00000246
RAX:
0000000000000000
RBX:
0000000000000000
RCX:
ffff888107cd4358
RDX:
0000000019f73907
RSI:
ffffffff82cc381a
RDI:
0000000000000000
RBP:
ffff8881016bef0d
R08:
000000006c0e7145
R09:
0000000056c0e714
R10:
0000000000000001
R11:
ffff888107cd4358
R12:
0007ffffffffffff
R13:
ffff888101399200
R14:
ffff888100fcb360
R15:
0007ffffffffffff
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000000000
CR3:
0000000105c79000
CR4:
00000000000006f0
Call Trace:
<TASK>
dmemcg_limit_write.constprop.0+0x16d/0x390
? __pfx_set_resource_max+0x10/0x10
kernfs_fop_write_iter+0x14e/0x200
vfs_write+0x367/0x510
ksys_write+0x66/0xe0
do_syscall_64+0x6b/0x390
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f42697e1887
It was trriggered setting max without limitation, the command is like:
"echo test/region0 > dmem.max". To fix this issue, add check whether
options is valid after parsing the region_name.
Fixes:
b168ed458dde
("kernel/cgroup: Add "dmem" memory accounting cgroup")
Cc: stable@vger.kernel.org # v6.14+
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
kernel/cgroup/dmem.c
patch
|
blob
|
history
diff --git
a/kernel/cgroup/dmem.c
b/kernel/cgroup/dmem.c
index
e12b946
..
1f0d6ca
100644
(file)
--- a/
kernel/cgroup/dmem.c
+++ b/
kernel/cgroup/dmem.c
@@
-700,6
+700,9
@@
static ssize_t dmemcg_limit_write(struct kernfs_open_file *of,
if (!region_name[0])
continue;
+ if (!options || !*options)
+ return -EINVAL;
+
rcu_read_lock();
region = dmemcg_get_region_by_name(region_name);
rcu_read_unlock();