iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
713,837 Commits 104 Branches 1,843 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Jing Xia be2657752e mm: memcg: fix use after free in mem_cgroup_iter() 
commit 9f15bde671355c351cf20d9f879004b234353100 upstream.

It was reported that a kernel crash happened in mem_cgroup_iter(), which
can be triggered if the legacy cgroup-v1 non-hierarchical mode is used.

Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b8f
......
Call trace:
  mem_cgroup_iter+0x2e0/0x6d4
  shrink_zone+0x8c/0x324
  balance_pgdat+0x450/0x640
  kswapd+0x130/0x4b8
  kthread+0xe8/0xfc
  ret_from_fork+0x10/0x20

  mem_cgroup_iter():
      ......
      if (css_tryget(css))    <-- crash here
	    break;
      ......

The crashing reason is that mem_cgroup_iter() uses the memcg object whose
pointer is stored in iter->position, which has been freed before and
filled with POISON_FREE(0x6b).

And the root cause of the use-after-free issue is that
invalidate_reclaim_iterators() fails to reset the value of iter->position
to NULL when the css of the memcg is released in non- hierarchical mode.

Link: http://lkml.kernel.org/r/1531994807-25639-1-git-send-email-jing.xia@unisoc.com
Fixes: 6df38689e0e9 ("mm: memcontrol: fix possible memcg leak due to interrupted reclaim")
Signed-off-by: Jing Xia <jing.xia.mail@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: <chunyan.zhang@unisoc.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-25 11:25:08 +02:00
arch
ARC: mm: allow mprotect to make stack mappings executable
2018-07-25 11:25:08 +02:00
block
block: do not use interruptible wait anywhere
2018-07-22 14:28:48 +02:00
certs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
crypto
crypto: af_alg - Initialize sg_num_bytes in error code path
2018-07-22 14:28:48 +02:00
Documentation
arm64: Add 'ssbd' command-line option
2018-07-22 14:28:51 +02:00
drivers
scsi: sd_zbc: Fix variable type and bogus comment
2018-07-25 11:25:06 +02:00
firmware
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fs
fat: fix memory allocation failure handling of match_strdup()
2018-07-25 11:25:07 +02:00
include
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
2018-07-22 14:28:52 +02:00
init
init: fix false positives in W+X checking
2018-06-21 04:02:57 +09:00
ipc
ipc/shm: fix shmat() nil address after round-down when remapping
2018-05-30 07:51:49 +02:00
kernel
clocksource: Initialize cs->wd_list
2018-07-22 14:28:48 +02:00
lib
lib/vsprintf: Remove atomic-unsafe support for %pCr
2018-07-03 11:24:48 +02:00
mm
mm: memcg: fix use after free in mem_cgroup_iter()
2018-07-25 11:25:08 +02:00
net
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
2018-07-22 14:28:49 +02:00
samples
samples/bpf: Partially fixes the bpf.o build
2018-04-26 11:02:12 +02:00
scripts
Kbuild: fix # escaping in .cmd files for future Make
2018-07-11 16:29:21 +02:00
security
selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
2018-06-05 11:41:56 +02:00
sound
ALSA: hda: add mute led support for HP ProBook 455 G5
2018-07-25 11:25:07 +02:00
tools
tools build: fix # escaping in .cmd files for future Make
2018-07-17 11:39:30 +02:00
usr
initramfs: fix initramfs rebuilds w/ compression after disabling
2017-11-03 07:39:19 -07:00
virt
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
2018-07-25 11:25:07 +02:00
.cocciconfig
scripts: add Linux .cocciconfig for coccinelle
2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes
.gitattributes: set git diff driver for C source code files
2016-10-07 18:46:30 -07:00
.gitignore
kbuild: rpm-pkg: keep spec file until make mrproper
2018-02-13 10:19:46 +01:00
.mailmap
.mailmap: Add Maciej W. Rozycki's Imagination e-mail address
2017-11-10 12:16:15 -08:00
COPYING
CREDITS
MAINTAINERS: update TPM driver infrastructure changes
2017-11-09 17:58:40 -08:00
Kbuild
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
Kconfig
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
MAINTAINERS
dt-bindings: Document mti,mips-cpc binding
2018-03-15 10:54:35 +01:00
Makefile
Linux 4.14.57
2018-07-22 14:28:52 +02:00
README
README: add a new README file, pointing to the Documentation/
2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 5.7 GiB
Languages
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%