!11233 CVE-2024-43892 (9e3d5ec1) · Commits · EulixOS / Software / Kernel

mm/memcontrol.c

+20 −2

Original line number	Diff line number	Diff line
		@@ -6385,11 +6385,28 @@ static struct cftype mem_cgroup_legacy_files[] = {

		#define MEM_CGROUP_ID_MAX ((1UL << MEM_CGROUP_ID_SHIFT) - 1)
		static DEFINE_IDR(mem_cgroup_idr);
		static DEFINE_SPINLOCK(memcg_idr_lock);

		static int mem_cgroup_alloc_id(void)
		{
		int ret;

		idr_preload(GFP_KERNEL);
		spin_lock(&memcg_idr_lock);
		ret = idr_alloc(&mem_cgroup_idr, NULL, 1, MEM_CGROUP_ID_MAX + 1,
		GFP_NOWAIT);
		spin_unlock(&memcg_idr_lock);
		idr_preload_end();
		return ret;
		}

		static void mem_cgroup_id_remove(struct mem_cgroup *memcg)
		{
		if (memcg->id.id > 0) {
		spin_lock(&memcg_idr_lock);
		idr_remove(&mem_cgroup_idr, memcg->id.id);
		spin_unlock(&memcg_idr_lock);

		memcg->id.id = 0;
		}
		}
		@@ -6519,8 +6536,7 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
		if (memcg_alloc_swap_device(memcg))
		goto fail;

		memcg->id.id = idr_alloc(&mem_cgroup_idr, NULL,
		1, MEM_CGROUP_ID_MAX + 1, GFP_KERNEL);
		memcg->id.id = mem_cgroup_alloc_id();
		if (memcg->id.id < 0) {
		error = memcg->id.id;
		goto fail;
		@@ -6667,7 +6683,9 @@ static int mem_cgroup_css_online(struct cgroup_subsys_state *css)
		* publish it here at the end of onlining. This matches the
		* regular ID destruction during offlining.
		*/
		spin_lock(&memcg_idr_lock);
		idr_replace(&mem_cgroup_idr, memcg, memcg->id.id);
		spin_unlock(&memcg_idr_lock);

		return 0;
		offline_kmem: