Re: kasan cgroup use-after-free in get_mem_cgroup_from_mm

From: Michal Hocko
Date: Wed Jun 21 2023 - 03:33:04 EST


On Wed 21-06-23 10:18:31, junfei fang wrote:
> Thank you for your prompt response.
>
> We are using kernel-5.15 in our project and cannot change it.

It will be hard to get community support for such a kernel, I am
afraid. Especially when considering the kernel is heavily tainted
> CPU: 0 PID: 6071 Comm: elastic_postChe Tainted: P S WC OE

by proprietary, out-of-tree modules; pre-existing warnings that might be
related and TAINT_CPU_OUT_OF_SPEC don't add much confidence in the setup
either.

> Do you have any suggestions on how to fix this issue?

No, not really. From what I can see the report complains about cset
associated with the process' mm. I do not recall any specific bug where
css would be released prematurely. Maybe somebody else who is more
familiar with the cgroup core would know better.

Btw. you should be sending the full UAF report after you have CCed LKML.
--
Michal Hocko
SUSE Labs