Users can leak memory by repeatedly writing a string to the DAMOS sysfs memcg_path file. Fix it (patch 1) and add a selftest (patch 2) to avoid reoccurrence of the bug.
SeongJae Park (2):
  mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write
  selftets/damon: add a test for memcg_path leak

 mm/damon/sysfs-schemes.c                      |  1 +
 tools/testing/selftests/damon/Makefile        |  1 +
 .../selftests/damon/sysfs_memcg_path_leak.sh  | 43 +++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100755 tools/testing/selftests/damon/sysfs_memcg_path_leak.sh
base-commit: 05b89e828eb4f791f721cbdc65f36e1a8287a9d3
memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing data to the memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer.

Fixes: 7ee161f18b5d ("mm/damon/sysfs-schemes: implement filter directory")
Cc: stable@vger.kernel.org # 6.3.x
Signed-off-by: SeongJae Park sj@kernel.org
---
 mm/damon/sysfs-schemes.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/mm/damon/sysfs-schemes.c b/mm/damon/sysfs-schemes.c index 0f6c9e1fec0b..30ae7518ffbf 100644 --- a/mm/damon/sysfs-schemes.c +++ b/mm/damon/sysfs-schemes.c @@ -472,6 +472,7 @@ static ssize_t memcg_path_store(struct kobject *kobj, return -ENOMEM;
strscpy(path, buf, count + 1); + kfree(filter->memcg_path); filter->memcg_path = path; return count; }
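Review bot: In memcg_path_store(), the added kfree(filter->memcg_path) releases the old buffer before filter->memcg_path = path publishes the new one, and nothing in the visible context shows a lock held across those two statements. If a second writer or any reader of filter->memcg_path can run concurrently, that window allows a double free or a read of the freed string, so please name in the commit message the lock that serializes this store, or take it around the free and the assignment. The free itself needs no NULL check, since kfree(NULL) is a no-op and the first write to the file is therefore safe.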
linux-stable-mirror@lists.linaro.org