Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/kernel/cgroup
History
JP Kobryn eea51c6e3f cgroup: avoid null de-ref in css_rstat_exit() 
css_rstat_exit() may be called asynchronously in scenarios where preceding
calls to css_rstat_init() have not completed. One such example is this
sequence below:

css_create(...)
{
	...
	init_and_link_css(css, ...);

	err = percpu_ref_init(...);
	if (err)
		goto err_free_css;
	err = cgroup_idr_alloc(...);
	if (err)
		goto err_free_css;
	err = css_rstat_init(css, ...);
	if (err)
		goto err_free_css;
	...
err_free_css:
	INIT_RCU_WORK(&css->destroy_rwork, css_free_rwork_fn);
	queue_rcu_work(cgroup_destroy_wq, &css->destroy_rwork);
	return ERR_PTR(err);
}

If any of the three goto jumps are taken, async cleanup will begin and
css_rstat_exit() will be invoked on an uninitialized css->rstat_cpu.

Avoid accessing the unitialized field by returning early in
css_rstat_exit() if this is the case.

Signed-off-by: JP Kobryn <inwardvessel@gmail.com>
Suggested-by: Michal Koutný <mkoutny@suse.com>
Fixes: 5da3bfa029 ("cgroup: use separate rstat trees for each subsystem")
Cc: stable@vger.kernel.org # v6.16
Reported-by: syzbot+8d052e8b99e40bc625ed@syzkaller.appspotmail.com
Acked-by: Shakeel Butt <shakeel.butt@linux.dev>
Signed-off-by: Tejun Heo <tj@kernel.org>
 		2025-08-09 08:46:32 -10:00
..
Makefile kernel/cgroup: Add "dmem" memory accounting cgroup 2025-01-06 17:24:38 +01:00
cgroup-internal.h cgroup: use subsystem-specific rstat locks to avoid contention 2025-05-19 10:29:42 -10:00
cgroup-v1.c cgroup: Add compatibility option for content of /proc/cgroups 2025-07-19 06:14:44 -10:00
cgroup.c cgroup: Add bpf prog revisions to struct cgroup_bpf 2025-06-09 16:17:11 -07:00
cpuset-internal.h cgroup/cpuset: Don't allow creation of local partition over a remote one 2025-03-31 13:26:53 -10:00
cpuset-v1.c RFC cgroup/cpuset-v1: Add deprecation messages to sched_relax_domain_level 2025-03-11 09:22:54 -10:00
cpuset.c cgroup/cpuset: Remove the unnecessary css_get/put() in cpuset_partition_write() 2025-08-09 08:42:47 -10:00
debug.c
dmem.c cgroup/dmem: Don't open-code css_for_each_descendant_pre 2025-02-19 09:50:37 +01:00
freezer.c cgroup/freezer: Add cgroup CGRP_FROZEN flag update helper 2024-10-23 09:45:09 -10:00
legacy_freezer.c Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" 2025-07-17 07:57:02 -10:00
misc.c Merge branch 'kvm-tdx-initial' into HEAD 2025-04-07 07:36:33 -04:00
namespace.c cgroup:namespace: Remove unused cgroup_namespaces_init() 2023-08-14 14:29:47 -10:00
pids.c cgroup/pids: Remove unreachable paths of pids_{can,cancel}_fork 2024-08-05 10:32:16 -10:00
rdma.c
rstat.c cgroup: avoid null de-ref in css_rstat_exit() 2025-08-09 08:46:32 -10:00