On Tue, May 02, 2023 at 09:08:39AM -0700, Roman Gushchin wrote:
> A memcg pointer in the percpu stock can be accessed by drain_all_stock()
> from another cpu in a lockless way.
> In theory it might lead to an issue, similar to the one which has been
> discovered with stock->cached_objcg, where the pointer was zeroed
> between the check for being NULL and dereferencing.
> In this case the issue is unlikely a real problem, but to make it
> bulletproof and similar to stock->cached_objcg, let's annotate all
> accesses to stock->cached with READ_ONCE()/WRITE_ONCE().
>
> Signed-off-by: Roman Gushchin <roman.gushchin@xxxxxxxxx>
> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Cc: Yosry Ahmed <yosryahmed@xxxxxxxxxx>
> Cc: Shakeel Butt <shakeelb@xxxxxxxxxx>

Acked-by: Shakeel Butt <shakeelb@xxxxxxxxxx>
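
The check-then-dereference hazard described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch. It is a deterministic, single-threaded userspace model: `READ_ONCE`/`WRITE_ONCE` are volatile-access stand-ins for the kernel macros, and `struct memcg`, `struct stock`, `racing_clear` and both `peek_id_*` functions are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel macros (assumption: a volatile access
 * models the single load/store of an aligned pointer). */
#define READ_ONCE(x)     (*(volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

struct memcg { int id; };                /* hypothetical, reduced */
struct stock { struct memcg *cached; };  /* models stock->cached */

/* Hypothetical hook: stands in for the owning CPU clearing the pointer
 * between the remote reader's NULL check and its dereference. */
static void racing_clear(struct stock *s) { WRITE_ONCE(s->cached, NULL); }

/* Unannotated pattern: the check and the use are two separate loads.
 * Returns -1 at the point where kernel code would dereference NULL. */
int peek_id_two_loads(struct stock *s, void (*race)(struct stock *))
{
    if (!s->cached)                  /* load 1: NULL check */
        return 0;
    if (race)
        race(s);                     /* writer runs in the window */
    struct memcg *m = s->cached;     /* load 2: value may have changed */
    return m ? m->id : -1;
}

/* Annotated pattern: one snapshot, then check and use the same value. */
int peek_id_snapshot(struct stock *s, void (*race)(struct stock *))
{
    struct memcg *m = READ_ONCE(s->cached);
    if (!m)
        return 0;
    if (race)
        race(s);                     /* the writer cannot change m */
    return m->id;
}

int main(void)
{
    struct memcg m = { .id = 7 };    /* constructed sample object */
    struct stock s = { .cached = &m };
    printf("two loads: %d\n", peek_id_two_loads(&s, racing_clear));
    s.cached = &m;
    printf("snapshot:  %d\n", peek_id_snapshot(&s, racing_clear));
    return 0;
}
```

The snapshot only makes the check and the use agree on one value; keeping the pointed-to object alive across the use is a separate requirement that this model does not cover.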