git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Muchun Song <songmuchun@bytedance.com>
	Sun, 27 Mar 2022 05:18:52 +0000 (13:18 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 8 Apr 2022 11:57:12 +0000 (13:57 +0200)
commit	1e53f4ed16bf682356eef8f0ba82cc25168511e2
tree	c169e8f9e5f043f7f57a0e5467b857517c624899	tree \| snapshot
parent	2ccb266153f6c8c057c6db78a914d15760598b80	commit \| diff

mm: kfence: fix missing objcg housekeeping for SLAB

commit ae085d7f9365de7da27ab5c0d16b12d51ea7fca9 upstream.

The objcg is not cleared and put for kfence object when it is freed,
which could lead to memory leak for struct obj_cgroup and wrong
statistics of NR_SLAB_RECLAIMABLE_B or NR_SLAB_UNRECLAIMABLE_B.

Since the last freed object's objcg is not cleared,
mem_cgroup_from_obj() could return the wrong memcg when this kfence
object, which is not charged to any objcgs, is reallocated to other
users.

A real word issue [1] is caused by this bug.

Link: https://lore.kernel.org/all/000000000000cabcb505dae9e577@google.com/
Reported-by: syzbot+f8c45ccc7d5d45fc5965@syzkaller.appspotmail.com
Fixes: d3fb45f370d9 ("mm, kfence: insert KFENCE hooks for SLAB")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>