
From: Kang Chen <void0red@hust.edu.cn>
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6NYW4
CVE: NA
--------------------------------
raw call flow: oom_kill_process -> mem_cgroup_scan_tasks(.., .., message) -> memcg_print_bad_task(message, ..) message is "const char*" type, and incorrectly cast to "oom_control*" type in memcg_print_bad_task. Fix it by moving memcg_print_bad_task out of mem_cgroup_scan_tasks and call it in select_bad_process and dump_tasks. Furthermore, use struct oom_control* directly and remove the useless parm `ret`.
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Kang Chen <void0red@hust.edu.cn>
Conflicts: include/linux/memcontrol.h
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
---
 include/linux/memcontrol.h | 3 ++-
 mm/memcontrol.c | 16 +++++++++-------
 mm/oom_kill.c | 14 ++++++++------
 3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
index a0143237b8a7..3480d9030108 100644
--- a/include/linux/memcontrol.h
+++ b/include/linux/memcontrol.h
@@ -23,6 +23,7 @@
 #include <linux/page-flags.h>
 #include <linux/kabi.h>
 #include <linux/dynamic_hugetlb.h>
+#include <linux/oom.h>
 struct mem_cgroup;
 struct obj_cgroup;
@@ -400,7 +401,7 @@ DECLARE_STATIC_KEY_FALSE(memcg_qos_stat_key);
 bool memcg_low_priority_scan_tasks(int (*)(struct task_struct *, void *), void *);
-void memcg_print_bad_task(void *arg, int ret);
+void memcg_print_bad_task(struct oom_control *oc);
 extern int sysctl_memcg_qos_handler(struct ctl_table *table, int write, void __user *buffer, size_t *length, loff_t *ppos);
 #endif
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 467c1f2fd6ae..81429e8266ab 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1201,9 +1201,6 @@ int mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
 break;
 }
 }
-#ifdef CONFIG_MEMCG_QOS
- memcg_print_bad_task(arg, ret);
-#endif
 return ret;
 }
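Review bot: The added `#include <linux/oom.h>` in include/linux/memcontrol.h is only needed to name `struct oom_control *` in one prototype, so a forward declaration beside the existing ones, `struct oom_control;`, would be enough. memcontrol.h is included very widely, and a forward declaration avoids growing its include graph or risking an include cycle if oom.h ever needs memcontrol.h (not visible here, so worth checking).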
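Review bot: The new prototype `void memcg_print_bad_task(struct oom_control *oc);` sits directly above an `#endif`, which looks like the end of the CONFIG_MEMCG_QOS block (the opening `#ifdef` is outside the hunk), while mm/oom_kill.c now calls the function unconditionally from select_bad_process and dump_tasks. If that reading is right, a build without CONFIG_MEMCG_QOS has no declaration in scope at the call sites, and the empty `#else` stub added to mm/memcontrol.c only exists when that file is compiled at all. Providing the stub in this header instead, `#else` followed by `static inline void memcg_print_bad_task(struct oom_control *oc) { }`, would cover every configuration and let the out-of-line stub in mm/memcontrol.c go.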
@@ -3950,14 +3947,12 @@ bool memcg_low_priority_scan_tasks(int (*fn)(struct task_struct *, void *),
 return oc->chosen ? true : false;
 }
-void memcg_print_bad_task(void *arg, int ret)
+void memcg_print_bad_task(struct oom_control *oc)
 {
- struct oom_control *oc = arg;
-
 if (!static_branch_likely(&memcg_qos_stat_key))
 return;
- if (!ret && oc->chosen) {
+ if (oc->chosen) {
 struct mem_cgroup *memcg;
 memcg = mem_cgroup_from_task(oc->chosen);
@@ -3988,6 +3983,13 @@ int sysctl_memcg_qos_handler(struct ctl_table *table, int write,
 return ret;
 }
+
+#else
+
+void memcg_print_bad_task(struct oom_control *oc)
+{
+}
+
 #endif
 #ifdef CONFIG_NUMA
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 7eb4fda1ce87..41b1ea3b5703 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -408,9 +408,10 @@ static void select_bad_process(struct oom_control *oc)
 {
 oc->chosen_points = LONG_MIN;
- if (is_memcg_oom(oc))
- mem_cgroup_scan_tasks(oc->memcg, oom_evaluate_task, oc);
- else {
+ if (is_memcg_oom(oc)) {
+ if (!mem_cgroup_scan_tasks(oc->memcg, oom_evaluate_task, oc))
+ memcg_print_bad_task(oc);
+ } else {
 struct task_struct *p;
 #ifdef CONFIG_MEMCG_QOS
@@ -473,9 +474,10 @@ static void dump_tasks(struct oom_control *oc)
 pr_info("Tasks state (memory values in pages):\n");
 pr_info("[ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name\n");
- if (is_memcg_oom(oc))
- mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
- else {
+ if (is_memcg_oom(oc)) {
+ if (!mem_cgroup_scan_tasks(oc->memcg, dump_task, oc))
+ memcg_print_bad_task(oc);
+ } else {
 struct task_struct *p;
 rcu_read_lock();
-- 
2.25.1
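Review bot: With the `ret` parameter gone, memcg_print_bad_task() trusts `oc->chosen` to be either NULL or a real task pointer before it is handed to mem_cgroup_from_task(), and nothing in the function says so. The `!mem_cgroup_scan_tasks(...)` checks added in select_bad_process and dump_tasks are what keep an aborted scan out; in mainline an aborted oom_evaluate_task leaves a non-pointer marker in `oc->chosen`, and if this tree does the same a future caller that skips the check would dereference it. A comment above the definition would make the contract explicit, for example `/* Call only after a scan that returned 0: oc->chosen must be NULL or a valid task. */`. The function body continues past the end of the hunk.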