www.infradead.org Git - users/hch/configfs.git/commit

author	Muchun Song <songmuchun@bytedance.com>
	Thu, 18 Jul 2024 08:36:07 +0000 (16:36 +0800)
committer	Andrew Morton <akpm@linux-foundation.org>
	Thu, 8 Aug 2024 01:33:56 +0000 (18:33 -0700)
commit	5161b48712dcd08ec427c450399d4d1483e21dea
tree	a7d52661b6d7c484b9b1fd49f7cb779fc05be3a8	tree
parent	7d4df2dad312f270d62fecb0e5c8b086c6d7dcfc	commit \| diff

mm: list_lru: fix UAF for memory cgroup

The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or
cgroup_mutex or others which could prevent returned memcg from being
freed. Fix it by adding missing rcu read lock.

Found by code inspection.

[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]
Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com
Link: https://lkml.kernel.org/r/20240718083607.42068-1-songmuchun@bytedance.com
Fixes: 0a97c01cd20b ("list_lru: allow explicit memcg and NUMA node selection")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Shakeel Butt <shakeel.butt@linux.dev>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Nhat Pham <nphamcs@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>