From: Michal Hocko <mhocko@suse.com>
To: gregkh@linuxfoundation.org
Cc: akpm@linux-foundation.org, guro@fb.com, hannes@cmpxchg.org,
hughd@google.com, shakeelb@google.com,
torvalds@linux-foundation.org, stable@vger.kernel.org
Subject: Re: FAILED: patch "[PATCH] memcg: fix use-after-free in uncharge_batch" failed to apply to 5.4-stable tree
Date: Tue, 27 Feb 2024 14:29:12 +0100 [thread overview]
Message-ID: <Zd3jqLMSktEpZPM4@tiehlicka> (raw)
In-Reply-To: <2024022759-crave-busily-bef7@gregkh>
Why is this applied to 5.4?
$ git describe-ver 1a3e1f40962c
v5.9-rc1~97^2~97
I do not see 1a3e1f40962c in 5.4 stable tree. What am I missing?
On Tue 27-02-24 14:12:00, Greg KH wrote:
[...]
> Fixes: 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting")
> Reported-by: syzbot+b305848212deec86eabe@syzkaller.appspotmail.com
> Reported-by: syzbot+b5ea6fb6f139c8b9482b@syzkaller.appspotmail.com
> Signed-off-by: Michal Hocko <mhocko@suse.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Reviewed-by: Shakeel Butt <shakeelb@google.com>
> Acked-by: Johannes Weiner <hannes@cmpxchg.org>
> Cc: Roman Gushchin <guro@fb.com>
> Cc: Hugh Dickins <hughd@google.com>
> Link: https://lkml.kernel.org/r/20200820090341.GC5033@dhcp22.suse.cz
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
>
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index b807952b4d43..cfa6cbad21d5 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -6774,6 +6774,9 @@ static void uncharge_batch(const struct uncharge_gather *ug)
> __this_cpu_add(ug->memcg->vmstats_percpu->nr_page_events, ug->nr_pages);
> memcg_check_events(ug->memcg, ug->dummy_page);
> local_irq_restore(flags);
> +
> + /* drop reference from uncharge_page */
> + css_put(&ug->memcg->css);
> }
>
> static void uncharge_page(struct page *page, struct uncharge_gather *ug)
> @@ -6797,6 +6800,9 @@ static void uncharge_page(struct page *page, struct uncharge_gather *ug)
> uncharge_gather_clear(ug);
> }
> ug->memcg = page->mem_cgroup;
> +
> + /* pairs with css_put in uncharge_batch */
> + css_get(&ug->memcg->css);
> }
>
> nr_pages = compound_nr(page);
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2024-02-27 13:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-27 13:12 FAILED: patch "[PATCH] memcg: fix use-after-free in uncharge_batch" failed to apply to 5.4-stable tree gregkh
2024-02-27 13:29 ` Michal Hocko [this message]
2024-02-27 13:32 ` Greg KH
2024-02-27 15:49 ` Michal Hocko
2024-02-28 12:31 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zd3jqLMSktEpZPM4@tiehlicka \
--to=mhocko@suse.com \
--cc=akpm@linux-foundation.org \
--cc=gregkh@linuxfoundation.org \
--cc=guro@fb.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=shakeelb@google.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.