Commit a38be546 authored by Shakeel Butt's avatar Shakeel Butt Committed by Andrew Morton
Browse files

mm/damon/core: get memcg reference before access 

The commit b74a120b ("mm/damon/core: implement
DAMOS_QUOTA_NODE_MEMCG_USED_BP") added accesses to memcg structure without
getting reference to it.  This is unsafe.  Let's get the reference before
accessing the memcg.

Link: https://lkml.kernel.org/r/20251225002904.139543-1-shakeel.butt@linux.dev


Fixes: b74a120b ("mm/damon/core: implement DAMOS_QUOTA_NODE_MEMCG_USED_BP")
Signed-off-by: default avatarShakeel Butt <shakeel.butt@linux.dev>
Reviewed-by: default avatarSeongJae Park <sj@kernel.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 582f0f38

mm/damon/core.c

+6 −2
Original line number Diff line number Diff line
@@ -2051,13 +2051,15 @@ static unsigned long damos_get_node_memcg_used_bp( 


	rcu_read_lock();

	memcg = mem_cgroup_from_id(goal->memcg_id);

	if (!memcg || !mem_cgroup_tryget(memcg)) {

		rcu_read_unlock();

	if (!memcg) {

		if (goal->metric == DAMOS_QUOTA_NODE_MEMCG_USED_BP)

			return 0;

		else	/* DAMOS_QUOTA_NODE_MEMCG_FREE_BP */

			return 10000;

	}

	rcu_read_unlock();



	mem_cgroup_flush_stats(memcg);

	lruvec = mem_cgroup_lruvec(memcg, NODE_DATA(goal->nid));

	used_pages = lruvec_page_state(lruvec, NR_ACTIVE_ANON);
@@ -2065,6 +2067,8 @@ static unsigned long damos_get_node_memcg_used_bp( 
	used_pages += lruvec_page_state(lruvec, NR_ACTIVE_FILE);

	used_pages += lruvec_page_state(lruvec, NR_INACTIVE_FILE);



	mem_cgroup_put(memcg);



	si_meminfo_node(&i, goal->nid);

	if (goal->metric == DAMOS_QUOTA_NODE_MEMCG_USED_BP)

		numerator = used_pages;