From ddde671cf4f4c9ac41e570ba415c6a49c2d880cb Mon Sep 17 00:00:00 2001 From: Jinjiang Tu Date: Thu, 18 Jan 2024 11:37:16 +0800 Subject: [PATCH] mm/oom_kill: fix NULL pointer dereference in memcg_print_bad_task() hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8WVL2 CVE: NA -------------------------------- In OLK-5.10, when oc->chosen is assigned with -1 in oom_evaluate_task(), mem_cgroup_scan_tasks() will return -1, and only calls memcg_print_bad_task() when the return value is 0. commit 025b7799b35d ("mm/memcg: remove return value of mem_cgroup_scan_tasks()") removes return value of mem_cgroup_scan_tasks(). When adapting memcg oom priority feature to OLK-6.6, memcg_print_bad_task() will be called in all cases, and forgets to check if oc->chosen is -1, leading to NULL pointer dereference. Fixes: be8d95530886 ("memcg: support priority for oom") Signed-off-by: Jinjiang Tu --- mm/memcontrol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 7ab0eec942ba..8327cef9d53a 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -4219,7 +4219,7 @@ void memcg_print_bad_task(struct oom_control *oc) if (memcg_oom_prio_disabled()) return; - if (oc->chosen) { + if (oc->chosen && oc->chosen != (void *)-1UL) { struct mem_cgroup *memcg; rcu_read_lock(); -- Gitee
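Review bot: The new condition in memcg_print_bad_task() open-codes the sentinel as `oc->chosen != (void *)-1UL` with no comment, so a reader of mm/memcontrol.c cannot tell from the code why a non-NULL oc->chosen is skipped. The only explanation is in the commit message, which says oom_evaluate_task() assigns -1 to oc->chosen. Add a one-line comment above the `if` saying so. Alternatively, move the test into a small named helper so that any other code reading oc->chosen after the task scan applies the same check instead of repeating the cast. The commit message also explains that the caller now reaches memcg_print_bad_task() in all cases. It is worth confirming that nothing else on that call path dereferences oc->chosen before this guard runs.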