Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a263c85c84
Branches Tags
pve-edge-kernel
/
patches
/
pve
/
0007-cgroup-fix-cgroup_sk_alloc-for-sk_clone_lock.patch

0007-cgroup-fix-cgroup_sk_alloc-for-sk_clone_lock.patch 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Cong Wang <[email protected]>
    3. 

  3. Date: Tue, 16 Jun 2020 11:03:52 -0700
    4. 

  4. Subject: [PATCH] cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. When we clone a socket in sk_clone_lock(), its sk_cgrp_data is
    10. 

  10. copied, so the cgroup refcnt must be taken too. And, unlike the
    11. 

  11. sk_alloc() path, sock_update_netprioidx() is not called here.
    12. 

  12. Therefore, it is safe and necessary to grab the cgroup refcnt
    13. 

  13. even when cgroup_sk_alloc is disabled.
    14. 

  14. 

  15. sk_clone_lock() is in BH context anyway, the in_interrupt()
    16. 

  16. would terminate this function if called there. And for sk_alloc()
    17. 

  17. skcd->val is always zero. So it's safe to factor out the code
    18. 

  18. to make it more readable.
    19. 

  19. 

  20. Fixes: 090e28b229af92dc5b ("netprio_cgroup: Fix unlimited memory leak of v2 cgroups")
    21. 

  21. Reported-by: Cameron Berkenpas <[email protected]>
    22. 

  22. Reported-by: Peter Geis <[email protected]>
    23. 

  23. Reported-by: Lu Fengqi <[email protected]>
    24. 

  24. Reported-by: Daniël Sonck <[email protected]>
    25. 

  25. Tested-by: Cameron Berkenpas <[email protected]>
    26. 

  26. Cc: Daniel Borkmann <[email protected]>
    27. 

  27. Cc: Zefan Li <[email protected]>
    28. 

  28. Cc: Tejun Heo <[email protected]>
    29. 

  29. Signed-off-by: Cong Wang <[email protected]>
    30. 

  30. Signed-off-by: Thomas Lamprecht <[email protected]>
    31. 

  31. ---
    32. 

  32.  include/linux/cgroup.h |  2 ++
    33. 

  33.  kernel/cgroup/cgroup.c | 26 ++++++++++++++------------
    34. 

  34.  net/core/sock.c        |  2 +-
    35. 

  35.  3 files changed, 17 insertions(+), 13 deletions(-)
    36. 

  36. 

  37. diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
    38. 

  38. index 57577075d204..14452a801d95 100644
    39. 

  39. --- a/include/linux/cgroup.h
    40. 

  40. +++ b/include/linux/cgroup.h
    41. 

  41. @@ -822,6 +822,7 @@ extern spinlock_t cgroup_sk_update_lock;
    42. 

  42.  
    43. 

  43.  void cgroup_sk_alloc_disable(void);
    44. 

  44.  void cgroup_sk_alloc(struct sock_cgroup_data *skcd);
    45. 

  45. +void cgroup_sk_clone(struct sock_cgroup_data *skcd);
    46. 

  46.  void cgroup_sk_free(struct sock_cgroup_data *skcd);
    47. 

  47.  
    48. 

  48.  static inline struct cgroup *sock_cgroup_ptr(struct sock_cgroup_data *skcd)
    49. 

  49. @@ -847,6 +848,7 @@ static inline struct cgroup *sock_cgroup_ptr(struct sock_cgroup_data *skcd)
    50. 

  50.  #else	/* CONFIG_CGROUP_DATA */
    51. 

  51.  
    52. 

  52.  static inline void cgroup_sk_alloc(struct sock_cgroup_data *skcd) {}
    53. 

  53. +static inline void cgroup_sk_clone(struct sock_cgroup_data *skcd) {}
    54. 

  54.  static inline void cgroup_sk_free(struct sock_cgroup_data *skcd) {}
    55. 

  55.  
    56. 

  56.  #endif	/* CONFIG_CGROUP_DATA */
    57. 

  57. diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
    58. 

  58. index 7c9e97553a00..d56ee72f4a07 100644
    59. 

  59. --- a/kernel/cgroup/cgroup.c
    60. 

  60. +++ b/kernel/cgroup/cgroup.c
    61. 

  61. @@ -6382,18 +6382,6 @@ void cgroup_sk_alloc(struct sock_cgroup_data *skcd)
    62. 

  62.  	if (cgroup_sk_alloc_disabled)
    63. 

  63.  		return;
    64. 

  64.  
    65. 

  65. -	/* Socket clone path */
    66. 

  66. -	if (skcd->val) {
    67. 

  67. -		/*
    68. 

  68. -		 * We might be cloning a socket which is left in an empty
    69. 

  69. -		 * cgroup and the cgroup might have already been rmdir'd.
    70. 

  70. -		 * Don't use cgroup_get_live().
    71. 

  71. -		 */
    72. 

  72. -		cgroup_get(sock_cgroup_ptr(skcd));
    73. 

  73. -		cgroup_bpf_get(sock_cgroup_ptr(skcd));
    74. 

  74. -		return;
    75. 

  75. -	}
    76. 

  76. -
    77. 

  77.  	/* Don't associate the sock with unrelated interrupted task's cgroup. */
    78. 

  78.  	if (in_interrupt())
    79. 

  79.  		return;
    80. 

  80. @@ -6415,6 +6403,20 @@ void cgroup_sk_alloc(struct sock_cgroup_data *skcd)
    81. 

  81.  	rcu_read_unlock();
    82. 

  82.  }
    83. 

  83.  
    84. 

  84. +void cgroup_sk_clone(struct sock_cgroup_data *skcd)
    85. 

  85. +{
    86. 

  86. +	/* Socket clone path */
    87. 

  87. +	if (skcd->val) {
    88. 

  88. +		/*
    89. 

  89. +		 * We might be cloning a socket which is left in an empty
    90. 

  90. +		 * cgroup and the cgroup might have already been rmdir'd.
    91. 

  91. +		 * Don't use cgroup_get_live().
    92. 

  92. +		 */
    93. 

  93. +		cgroup_get(sock_cgroup_ptr(skcd));
    94. 

  94. +		cgroup_bpf_get(sock_cgroup_ptr(skcd));
    95. 

  95. +	}
    96. 

  96. +}
    97. 

  97. +
    98. 

  98.  void cgroup_sk_free(struct sock_cgroup_data *skcd)
    99. 

  99.  {
    100. 

  100.  	struct cgroup *cgrp = sock_cgroup_ptr(skcd);
    101. 

  101. diff --git a/net/core/sock.c b/net/core/sock.c
    102. 

  102. index 0adf7a9e5a90..6ef468767ab0 100644
    103. 

  103. --- a/net/core/sock.c
    104. 

  104. +++ b/net/core/sock.c
    105. 

  105. @@ -1836,7 +1836,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
    106. 

  106.  		/* sk->sk_memcg will be populated at accept() time */
    107. 

  107.  		newsk->sk_memcg = NULL;
    108. 

  108.  
    109. 

  109. -		cgroup_sk_alloc(&newsk->sk_cgrp_data);
    110. 

  110. +		cgroup_sk_clone(&newsk->sk_cgrp_data);
    111. 

  111.  
    112. 

  112.  		rcu_read_lock();
    113. 

  113.  		filter = rcu_dereference(sk->sk_filter);
    114.