!11241 CVE-2024-43892 (5d0aff8d) · Commits · EulixOS / Software / Kernel

mm/memcontrol.c

+21 −2

Original line number	Diff line number	Diff line
		@@ -6302,11 +6302,28 @@ static struct cftype mem_cgroup_legacy_files[] = {
		*/

		static DEFINE_IDR(mem_cgroup_idr);
		static DEFINE_SPINLOCK(memcg_idr_lock);

		static int mem_cgroup_alloc_id(void)
		{
		int ret;

		idr_preload(GFP_KERNEL);
		spin_lock(&memcg_idr_lock);
		ret = idr_alloc(&mem_cgroup_idr, NULL, 1, MEM_CGROUP_ID_MAX + 1,
		GFP_NOWAIT);
		spin_unlock(&memcg_idr_lock);
		idr_preload_end();
		return ret;
		}

		static void mem_cgroup_id_remove(struct mem_cgroup *memcg)
		{
		if (memcg->id.id > 0) {
		spin_lock(&memcg_idr_lock);
		idr_remove(&mem_cgroup_idr, memcg->id.id);
		spin_unlock(&memcg_idr_lock);

		memcg->id.id = 0;
		}
		}
		@@ -6414,8 +6431,7 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
		if (memcg_alloc_swap_device(memcg))
		goto fail;

		memcg->id.id = idr_alloc(&mem_cgroup_idr, NULL,
		1, MEM_CGROUP_ID_MAX + 1, GFP_KERNEL);
		memcg->id.id = mem_cgroup_alloc_id();
		if (memcg->id.id < 0) {
		error = memcg->id.id;
		goto fail;
		@@ -6456,7 +6472,10 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
		INIT_LIST_HEAD(&memcg->deferred_split_queue.split_queue);
		memcg->deferred_split_queue.split_queue_len = 0;
		#endif
		spin_lock(&memcg_idr_lock);
		idr_replace(&mem_cgroup_idr, memcg, memcg->id.id);
		spin_unlock(&memcg_idr_lock);

		return memcg;
		fail:
		mem_cgroup_id_remove(memcg);