From: SeongJae Park <sj@kernel.org>
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: akpm@linux-foundation.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, SeongJae Park <sj@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH for-v5.15.x] mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'
Date: Sun, 2 Jan 2022 11:21:41 +0000 [thread overview]
Message-ID: <20220102112141.12281-1-sj@kernel.org> (raw)
commit ebb3f994dd92f8fb4d70c7541091216c1e10cb71 upstream.
DAMON debugfs interface increases the reference counts of 'struct pid's
for targets from the 'target_ids' file write callback
('dbgfs_target_ids_write()'), but decreases the counts only in DAMON
monitoring termination callback ('dbgfs_before_terminate()').
Therefore, when 'target_ids' file is repeatedly written without DAMON
monitoring start/termination, the reference count is not decreased and
therefore memory for the 'struct pid' cannot be freed. This commit
fixes this issue by decreasing the reference counts when 'target_ids' is
written.
Link: https://lkml.kernel.org/r/20211229124029.23348-1-sj@kernel.org
Fixes: 4bc05954d007 ("mm/damon: implement a debugfs-based user space interface")
Signed-off-by: SeongJae Park <sj@kernel.org>
Cc: <stable@vger.kernel.org> # 5.15.x
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
This is a backport of a DAMON fix that merged in the mainline, for
v5.15.x stable series.
mm/damon/dbgfs.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
index d3bc110430f9..36624990b577 100644
--- a/mm/damon/dbgfs.c
+++ b/mm/damon/dbgfs.c
@@ -185,6 +185,7 @@ static ssize_t dbgfs_target_ids_write(struct file *file,
const char __user *buf, size_t count, loff_t *ppos)
{
struct damon_ctx *ctx = file->private_data;
+ struct damon_target *t, *next_t;
char *kbuf, *nrs;
unsigned long *targets;
ssize_t nr_targets;
@@ -224,6 +225,13 @@ static ssize_t dbgfs_target_ids_write(struct file *file,
goto unlock_out;
}
+ /* remove previously set targets */
+ damon_for_each_target_safe(t, next_t, ctx) {
+ if (targetid_is_pid(ctx))
+ put_pid((struct pid *)t->id);
+ damon_destroy_target(t);
+ }
+
err = damon_set_targets(ctx, targets, nr_targets);
if (err) {
if (targetid_is_pid(ctx))
--
2.17.1
next reply other threads:[~2022-01-02 11:22 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-02 11:21 SeongJae Park [this message]
2022-01-03 9:46 ` [PATCH for-v5.15.x] mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220102112141.12281-1-sj@kernel.org \
--to=sj@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.