From: Chen Ridong <chenridong@huawei.com>
Add WARN_ON_ONCE guards for NULL-sensitive arguments in dmem helpers to
avoid NULL dereferences on misused APIs. Valid callers are unaffected.
Signed-off-by: Chen Ridong <chenridong@huawei.com>
---
kernel/cgroup/dmem.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/kernel/cgroup/dmem.c b/kernel/cgroup/dmem.c
index 1ea6afffa985..aa5bacf5fe45 100644
--- a/kernel/cgroup/dmem.c
+++ b/kernel/cgroup/dmem.c
@@ -307,6 +307,9 @@ bool dmem_cgroup_state_evict_valuable(struct dmem_cgroup_pool_state *limit_pool,
struct page_counter *ctest;
u64 used, min, low;
+ if (WARN_ON_ONCE(!test_pool))
+ return false;
+
/* Can always evict from current pool, despite limits */
if (limit_pool == test_pool)
return true;
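Review bot: The new `WARN_ON_ONCE(!test_pool)` guard sits above the `limit_pool == test_pool` shortcut, so a call with both pools NULL, which used to return true, now warns and returns false. If any caller can pass an uncharged object (NULL `test_pool`) together with no limit pool, this is a behaviour change and contradicts the "valid callers are unaffected" claim; the hunk alone cannot confirm either way. Moving the guard below the equality check, or narrowing it to `if (WARN_ON_ONCE(!test_pool && limit_pool))`, keeps the old result for that case. On hosts running with panic_on_warn a reachable WARN becomes a crash, so the guard should cover only states that are real bugs. The function body continues outside the hunk.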
@@ -343,7 +346,8 @@ bool dmem_cgroup_state_evict_valuable(struct dmem_cgroup_pool_state *limit_pool,
low = READ_ONCE(ctest->elow);
if (used > low)
return true;
-
+ if (WARN_ON_ONCE(!ret_hit_low))
+ return false;
*ret_hit_low = true;
return false;
}
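Review bot: `ret_hit_low` is checked only right before the store, so a NULL argument goes unnoticed on every earlier return path and is reported only when usage is at or below `low`. If NULL is unsupported, check it once at function entry next to the `test_pool` guard; if it is meant to be optional, a plain `if (ret_hit_low) *ret_hit_low = true;` without the WARN is the usual form. The hunk also drops the blank line that separated the `used > low` test from the tail of the function, which is worth keeping for readability. The start of the function is outside this hunk.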
@@ -512,7 +516,7 @@ struct dmem_cgroup_region *dmem_cgroup_register_region(u64 size, const char *fmt
char *region_name;
va_list ap;
- if (!size)
+ if (WARN_ON_ONCE(!size || !fmt))
return NULL;
va_start(ap, fmt);
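Review bot: Folding `!size` into `WARN_ON_ONCE(!size || !fmt)` makes a zero-size registration, which previously returned NULL quietly, emit a kernel warning. If NULL for size 0 is a supported non-error result, as the old code suggests, callers with an empty region now trigger a splat, and a panic under panic_on_warn. Keeping `if (!size) return NULL;` and adding a separate `if (WARN_ON_ONCE(!fmt)) return ERR_PTR(-EINVAL);` also stops a NULL `fmt` from being reported as the same NULL that means "nothing to register", and matches the `ERR_PTR(-EINVAL)` used for the empty-name check in the next hunk. The function's return documentation, not visible here, should then list -EINVAL.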
@@ -520,6 +524,10 @@ struct dmem_cgroup_region *dmem_cgroup_register_region(u64 size, const char *fmt
va_end(ap);
if (!region_name)
return ERR_PTR(-ENOMEM);
+ if (WARN_ON_ONCE(!region_name[0])) {
+ kfree(region_name);
+ return ERR_PTR(-EINVAL);
+ }
ret = kzalloc(sizeof(*ret), GFP_KERNEL);
if (!ret) {
@@ -657,6 +665,9 @@ int dmem_cgroup_try_charge(struct dmem_cgroup_region *region, u64 size,
struct page_counter *fail;
int ret;
+ if (WARN_ON_ONCE(!region || !ret_pool))
+ return -EINVAL;
+
*ret_pool = NULL;
if (ret_limit_pool)
*ret_limit_pool = NULL;
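Review bot: The early `return -EINVAL` runs before the out-parameters are cleared, so when `region` is NULL (or `ret_pool` is NULL but `ret_limit_pool` is not) the caller's pointers are left unset. A caller that inspects `*ret_pool` or `*ret_limit_pool` after a failed charge would then read an uninitialised value; whether any caller does so is not visible here. Clearing what can be cleared first, with `if (ret_pool) *ret_pool = NULL;` and `if (ret_limit_pool) *ret_limit_pool = NULL;`, and only then running the guard keeps the error path well-defined. The rest of the function lies outside the hunk.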
--
2.34.1