hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6NYW4 CVE: NA
--------------------------------
raw call flow:
oom_kill_process -> mem_cgroup_scan_tasks(.., .., message) -> memcg_print_bad_task(message, ..)
message is of type "const char*", but it is incorrectly cast to "oom_control*" in memcg_print_bad_task. Fix it by moving the memcg_print_bad_task call out of mem_cgroup_scan_tasks and calling it from select_bad_process and dump_tasks instead.
Signed-off-by: Kang Chen void0red@hust.edu.cn
---
 mm/memcontrol.c | 3 ---
 mm/oom_kill.c | 24 ++++++++++++++++++------
 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 635cb8b65b86..8e0d5d484153 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1214,9 +1214,6 @@ int mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
 break;
 }
 }
-#ifdef CONFIG_MEMCG_QOS
- memcg_print_bad_task(arg, ret);
-#endif
 return ret;
 }
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 0f77eb4c6644..1e3ba16dd748 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -406,11 +406,17 @@ static int oom_evaluate_task(struct task_struct *task, void *arg)
 */
 static void select_bad_process(struct oom_control *oc)
 {
+ int ret;
 oc->chosen_points = LONG_MIN;
- if (is_memcg_oom(oc))
- mem_cgroup_scan_tasks(oc->memcg, oom_evaluate_task, oc);
- else {
+ if (is_memcg_oom(oc)) {
+ ret = mem_cgroup_scan_tasks(oc->memcg, oom_evaluate_task, oc);
+
+#ifdef CONFIG_MEMCG_QOS
+ memcg_print_bad_task(oc, ret);
+#endif
+
+ } else {
 struct task_struct *p;
#ifdef CONFIG_MEMCG_QOS
@@ -470,12 +476,18 @@ static int dump_task(struct task_struct *p, void *arg)
 */
 static void dump_tasks(struct oom_control *oc)
 {
+ int ret;
 pr_info("Tasks state (memory values in pages):\n");
 pr_info("[ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name\n");
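Review bot: In select_bad_process() the new `ret` is read only inside `#ifdef CONFIG_MEMCG_QOS`, so with that option disabled it is assigned but never used (`-Wunused-but-set-variable`); dump_tasks() in the next hunk has the same pattern. A header stub for the disabled case, `static inline void memcg_print_bad_task(struct oom_control *oc, int ret) { }`, would let both call sites drop the `#ifdef` and the blank `+` lines around it. Declaring the real function with a `struct oom_control *` parameter as well would make the compiler reject a `const char *` argument, which is the type confusion the description says this commit fixes. The declaration is outside the hunks shown, so its current parameter type is assumed from the description's mention of a cast, and both functions continue past their hunks.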
- if (is_memcg_oom(oc))
- mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
- else {
+ if (is_memcg_oom(oc)) {
+ ret = mem_cgroup_scan_tasks(oc->memcg, dump_task, oc);
+
+#ifdef CONFIG_MEMCG_QOS
+ memcg_print_bad_task(oc, ret);
+#endif
+
+ } else {
 struct task_struct *p;
rcu_read_lock();
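Review bot: It is not evident why dump_tasks() needs `memcg_print_bad_task(oc, ret)`: select_bad_process() already makes the same call with the same `oc`, so if the function logs the selected task, as its name suggests, a memcg OOM would presumably report it twice. The call does preserve what the removed lines in mem_cgroup_scan_tasks() did after this scan, so if that is the intent, a comment such as `/* keep the report mem_cgroup_scan_tasks() used to make after this scan */` would say so; otherwise the call and `ret` can be dropped from this function. The body of dump_tasks() continues past the hunk, and memcg_print_bad_task() itself is not shown, so what it reads from `oc` on the dump path should be checked against its definition.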