git.ipfire.org Git - thirdparty/kernel/stable.git/commit
mm: list_lru: fix UAF for memory cgroup
author Muchun Song <songmuchun@bytedance.com>
Thu, 18 Jul 2024 08:36:07 +0000 (16:36 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 14 Aug 2024 13:34:34 +0000 (15:34 +0200)
commit 4589f77c18dd98b65f45617b6d1e95313cf6fcab
tree b432c2882cf6858345506fa1af8a8e5010d3416e
parent a6ce683090e5193a57dc59f354153c0e57a25470
mm: list_lru: fix UAF for memory cgroup

commit 5161b48712dcd08ec427c450399d4d1483e21dea upstream.

The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or
cgroup_mutex or others which could prevent returned memcg from being
freed.  Fix it by adding missing rcu read lock.

Found by code inspection.

[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]
Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com
Link: https://lkml.kernel.org/r/20240718083607.42068-1-songmuchun@bytedance.com
Fixes: 0a97c01cd20b ("list_lru: allow explicit memcg and NUMA node selection")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Shakeel Butt <shakeel.butt@linux.dev>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Nhat Pham <nphamcs@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mm/list_lru.c