From: tujinjiang@bytedance.com
To: akpm@linux-foundation.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Jinjiang Tu
Subject: [PATCH] vmscan: fix potential arbitrary pointer passed to kfree in unregister_shrinker
Date: Wed, 27 Jul 2022 17:07:00 +0800
Message-Id: <20220727090700.3238-1-tujinjiang@bytedance.com>

From: Jinjiang Tu

When a shrinker is registered with the SHRINKER_MEMCG_AWARE flag, register_shrinker will not initialize shrinker->nr_deferred, but the pointer will be passed to kfree in unregister_shrinker when the shrinker is unregistered. This leads to a kernel crash when the shrinker object is dynamically allocated.

To fix it, this patch initializes shrinker->nr_deferred at the beginning of prealloc_shrinker.

Signed-off-by: Jinjiang Tu

--- mm/vmscan.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/vmscan.c b/mm/vmscan.c index f7d9a683e3a7..06ab5a398971 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -613,6 +613,7 @@ int prealloc_shrinker(struct shrinker *shrinker) unsigned int size; int err; + shrinker->nr_deferred = NULL; if (shrinker->flags & SHRINKER_MEMCG_AWARE) { err = prealloc_memcg_shrinker(shrinker); if (err != -ENOSYS) -- 2.17.1
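
Review bot: the added `shrinker->nr_deferred = NULL;` at the top of prealloc_shrinker() carries no comment, so nothing in the code records that it exists to keep the later kfree() in unregister_shrinker() from seeing an uninitialized pointer on the SHRINKER_MEMCG_AWARE path. A one-line comment above the assignment stating that would stop it from being removed later as a redundant store. The assignment is also unconditional, while the commit message describes only the SHRINKER_MEMCG_AWARE case as leaving the field unset; either say in the message that the other path overwrites the field afterwards, or move the assignment inside the `if (shrinker->flags & SHRINKER_MEMCG_AWARE)` block. The commit message has no Fixes: tag naming the change that introduced the uninitialized field, which makes it hard to tell which kernels need this backported.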