Hi Roman, Shakeel, Johannes, and all,

Thanks for the quick reviews and acks. I’ve sent v2 switching to GFP_KERNEL_ACCOUNT in all three allocations. Otherwise unchanged.

Link: https://lore.kernel.org/all/aLqvzCiPCGzA5eYo@b7823f61de85/T/#t

If you’d like me to respin to restore any tags into the commit message (e.g., Acked-by: Johannes, Reported-by, Cc: stable) instead of adding them while applying, I’m happy to send a trivial v3.

Let me know if this looks good.

Best wishes,
Stanislav Fort
Aisle Research

On Fri, Sep 5, 2025 at 2:46 AM Shakeel Butt wrote:
> On Thu, Sep 04, 2025 at 09:12:48PM +0300, Stanislav Fort wrote:
> > In cgroup v1, the legacy cgroup.event_control file is world-writable and
> > allows unprivileged users to register unbounded events and thresholds. Each
> > registration allocates kernel memory without capping or memcg charging,
> > which can be abused to exhaust kernel memory in affected configurations.
> >
> > Make the following minimal changes:
> > - Account allocations with __GFP_ACCOUNT in event and threshold
> >   registration.
> > - Remove CFTYPE_WORLD_WRITABLE from cgroup.event_control to make it
> >   owner-writable.
> >
> > This does not affect cgroup v2. Allocations are still subject to kmem
> > accounting being enabled, but this reduces unbounded global growth.
> >
> > Reported-by: Stanislav Fort
> > Acked-by: Johannes Weiner
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Stanislav Fort
>
> Acked-by: Shakeel Butt