Re: FAILED: patch "[PATCH] memcg: fix use-after-free in uncharge_batch" failed to apply to 5.4-stable tree

Michal Hocko <mhocko@xxxxxxxx> · Tue, 27 Feb 2024 14:29:12 +0100

Why is this applied to 5.4?
$ git describe-ver 1a3e1f40962c
v5.9-rc1~97^2~97

I do not see 1a3e1f40962c in 5.4 stable tree. What am I missing?

On Tue 27-02-24 14:12:00, Greg KH wrote:
[...]
> Fixes: 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting")
> Reported-by: syzbot+b305848212deec86eabe@xxxxxxxxxxxxxxxxxxxxxxxxx
> Reported-by: syzbot+b5ea6fb6f139c8b9482b@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Michal Hocko <mhocko@xxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Reviewed-by: Shakeel Butt <shakeelb@xxxxxxxxxx>
> Acked-by: Johannes Weiner <hannes@xxxxxxxxxxx>
> Cc: Roman Gushchin <guro@xxxxxx>
> Cc: Hugh Dickins <hughd@xxxxxxxxxx>
> Link: https://lkml.kernel.org/r/20200820090341.GC5033@xxxxxxxxxxxxxx
> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> 
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index b807952b4d43..cfa6cbad21d5 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -6774,6 +6774,9 @@ static void uncharge_batch(const struct uncharge_gather *ug)
>  	__this_cpu_add(ug->memcg->vmstats_percpu->nr_page_events, ug->nr_pages);
>  	memcg_check_events(ug->memcg, ug->dummy_page);
>  	local_irq_restore(flags);
> +
> +	/* drop reference from uncharge_page */
> +	css_put(&ug->memcg->css);
>  }
>  
>  static void uncharge_page(struct page *page, struct uncharge_gather *ug)
> @@ -6797,6 +6800,9 @@ static void uncharge_page(struct page *page, struct uncharge_gather *ug)
>  			uncharge_gather_clear(ug);
>  		}
>  		ug->memcg = page->mem_cgroup;
> +
> +		/* pairs with css_put in uncharge_batch */
> +		css_get(&ug->memcg->css);
>  	}
>  
>  	nr_pages = compound_nr(page);

-- 
Michal Hocko
SUSE Labs