Unverified Commit 7aa5db25 authored by openeuler-ci-bot Committed by Gitee

!11242 CVE-2024-43892

Merge Pull Request from: @ci-robot 
 
PR sync from: Chen Ridong <chenridong@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/5OQLH2YHM4Q2YGQ5JOFP6G4Q3MODCCT7/ 
*** BLURB HERE ***

Shakeel Butt (1):
  memcg: protect concurrent access to mem_cgroup_idr


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IAMMB5 
 
Link:https://gitee.com/openeuler/kernel/pulls/11242

 

Reviewed-by: Liu YongQiang <liuyongqiang13@huawei.com>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
parents 4af9fc1a a8df7a29
+21 −2
@@ -5191,11 +5191,28 @@ static struct cftype mem_cgroup_legacy_files[] = {
 */

static DEFINE_IDR(mem_cgroup_idr);
static DEFINE_SPINLOCK(memcg_idr_lock);

static int mem_cgroup_alloc_id(void)
{
	int ret;

	idr_preload(GFP_KERNEL);
	spin_lock(&memcg_idr_lock);
	ret = idr_alloc(&mem_cgroup_idr, NULL, 1, MEM_CGROUP_ID_MAX + 1,
			GFP_NOWAIT);
	spin_unlock(&memcg_idr_lock);
	idr_preload_end();
	return ret;
}

static void mem_cgroup_id_remove(struct mem_cgroup *memcg)
{
	if (memcg->id.id > 0) {
		spin_lock(&memcg_idr_lock);
		idr_remove(&mem_cgroup_idr, memcg->id.id);
		spin_unlock(&memcg_idr_lock);

		memcg->id.id = 0;
	}
}
@@ -5337,8 +5354,7 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
		return ERR_PTR(error);

	memcg = &memcg_ext->memcg;
	memcg->id.id = idr_alloc(&mem_cgroup_idr, NULL,
				 1, MEM_CGROUP_ID_MAX + 1, GFP_KERNEL);
	memcg->id.id = mem_cgroup_alloc_id();
	if (memcg->id.id < 0) {
		error = memcg->id.id;
		goto fail;
@@ -5379,7 +5395,10 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
	INIT_LIST_HEAD(&memcg_ext->split_queue);
	memcg_ext->split_queue_len = 0;
#endif
	spin_lock(&memcg_idr_lock);
	idr_replace(&mem_cgroup_idr, memcg, memcg->id.id);
	spin_unlock(&memcg_idr_lock);

	return memcg;
fail:
	mem_cgroup_id_remove(memcg);
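Review bot: memcg_idr_lock is introduced in the first hunk with no comment saying what it covers or which contexts may take it, and mem_cgroup_alloc_id() does not explain why idr_preload(GFP_KERNEL) is paired with a GFP_NOWAIT allocation. I would add above the definition `/* Serializes idr_alloc/idr_replace/idr_remove on mem_cgroup_idr; taken with plain spin_lock(), so it must not be acquired from interrupt context. */` and inside the helper `/* Preload with GFP_KERNEL outside the lock: idr_alloc() under the spinlock must not sleep, hence GFP_NOWAIT. */`. The callers of mem_cgroup_id_remove() are not visible on this page, so whether a non-IRQ-safe lock is sufficient for every one of them should be confirmed rather than assumed. The `memcg->id.id > 0` test and the reset to 0 also stay outside the lock, which is safe only if callers already guarantee a single remover per memcg; that assumption deserves a line in the same comment.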