public inbox for cgroups@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] memcg: avoid accessing memcg after releasing reference
@ 2013-04-01  2:39 Li Zefan
       [not found] ` <5158F344.9020509-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Li Zefan @ 2013-04-01  2:39 UTC (permalink / raw)
  To: Glauber Costa
  Cc: Michal Hocko, KAMEZAWA Hiroyuki, Johannes Weiner, LKML, Cgroups,
	linux-mm-Bw31MaZKKs3YtjvyW6yDsg, Andrew Morton

This might cause use-after-free bug.

Signed-off-by: Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
---

found when reading the code.

---
 mm/memcontrol.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 8ec501c..6391046 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -3186,12 +3186,12 @@ void memcg_release_cache(struct kmem_cache *s)
 
 	root = s->memcg_params->root_cache;
 	root->memcg_params->memcg_caches[id] = NULL;
-	mem_cgroup_put(memcg);
 
 	mutex_lock(&memcg->slab_caches_mutex);
 	list_del(&s->memcg_params->list);
 	mutex_unlock(&memcg->slab_caches_mutex);
 
+	mem_cgroup_put(memcg);
 out:
 	kfree(s->memcg_params);
 }
-- 
1.8.0.2

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] memcg: avoid accessing memcg after releasing reference
       [not found] ` <5158F344.9020509-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
@ 2013-04-01  5:05   ` Kamezawa Hiroyuki
  2013-04-01  9:39   ` Michal Hocko
  1 sibling, 0 replies; 3+ messages in thread
From: Kamezawa Hiroyuki @ 2013-04-01  5:05 UTC (permalink / raw)
  To: Li Zefan
  Cc: Glauber Costa, Michal Hocko, Johannes Weiner, LKML, Cgroups,
	linux-mm-Bw31MaZKKs3YtjvyW6yDsg, Andrew Morton

(2013/04/01 11:39), Li Zefan wrote:
> This might cause use-after-free bug.
> 
> Signed-off-by: Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>

Thank you.

Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu-+CUm20s59erQFUHtdCDX3A@public.gmane.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] memcg: avoid accessing memcg after releasing reference
       [not found] ` <5158F344.9020509-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
  2013-04-01  5:05   ` Kamezawa Hiroyuki
@ 2013-04-01  9:39   ` Michal Hocko
  1 sibling, 0 replies; 3+ messages in thread
From: Michal Hocko @ 2013-04-01  9:39 UTC (permalink / raw)
  To: Li Zefan
  Cc: Glauber Costa, KAMEZAWA Hiroyuki, Johannes Weiner, LKML, Cgroups,
	linux-mm-Bw31MaZKKs3YtjvyW6yDsg, Andrew Morton

On Mon 01-04-13 10:39:00, Li Zefan wrote:
> This might cause use-after-free bug.
> 
> Signed-off-by: Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>

Acked-by: Michal Hocko <mhocko-AlSwsSmVLrQ@public.gmane.org>

> ---
> 
> found when reading the code.
> 
> ---
>  mm/memcontrol.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index 8ec501c..6391046 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -3186,12 +3186,12 @@ void memcg_release_cache(struct kmem_cache *s)
>  
>  	root = s->memcg_params->root_cache;
>  	root->memcg_params->memcg_caches[id] = NULL;
> -	mem_cgroup_put(memcg);
>  
>  	mutex_lock(&memcg->slab_caches_mutex);
>  	list_del(&s->memcg_params->list);
>  	mutex_unlock(&memcg->slab_caches_mutex);
>  
> +	mem_cgroup_put(memcg);
>  out:
>  	kfree(s->memcg_params);
>  }
> -- 
> 1.8.0.2

-- 
Michal Hocko
SUSE Labs

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-04-01  9:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-04-01  2:39 [PATCH] memcg: avoid accessing memcg after releasing reference Li Zefan
     [not found] ` <5158F344.9020509-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-04-01  5:05   ` Kamezawa Hiroyuki
2013-04-01  9:39   ` Michal Hocko

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox