[PATCH] fix in slab.c:alloc_arraycache

Kmem_cache_alloc_node is not capable of handling a null cachep pointer as its input argument. If I try to increase a slab limit by echoing a very large number into /proc/slabinfo, kernel will panic from alloc_arraycache() because Kmem_find_general_cachep() can actually return a NULL pointer if the size argument is sufficiently large. Signed-off-by: Ken Chen <kenneth.w.chen@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] fix in slab.c:alloc_arraycache
Kmem_cache_alloc_node is not capable of handling a null cachep pointer as its input argument. If I try to increase a slab limit by echoing a very large number into /proc/slabinfo, kernel will panic from alloc_arraycache() because Kmem_find_general_cachep() can actually return a NULL pointer if the size argument is sufficiently large. Signed-off-by: Ken Chen <kenneth.w.chen@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
b0234a62 · Kenneth W. Chen · Linus Torvalds · 3a85d4dd · b0234a62
Commit b0234a62 authored Mar 09, 2005 by Kenneth W. Chen Committed by Linus Torvalds Mar 09, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

mm/slab.c mm/slab.c +4 -2

No files found.
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -665,8 +665,10 @@ static struct array_cache *alloc_arraycache(int cpu, int entries, int batchcount
 	struct array_cache *nc = NULL;

 	if (cpu != -1) {
-		nc = kmem_cache_alloc_node(kmem_find_general_cachep(memsize,
-					GFP_KERNEL), cpu_to_node(cpu));
+		kmem_cache_t *cachep;
+		cachep = kmem_find_general_cachep(memsize, GFP_KERNEL);
+		if (cachep)
+			nc = kmem_cache_alloc_node(cachep, cpu_to_node(cpu));
 	}
 	if (!nc)
 		nc = kmalloc(memsize, GFP_KERNEL);