Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp2966336ybk; Mon, 18 May 2020 12:17:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy1hYlnGuvmCwna5X30QgCMZIo22jDrMrXvSlSRWZNENZYiaXZSRSgqPbdTanpH9/+NDaQ+ X-Received: by 2002:a05:6402:7ca:: with SMTP id u10mr14439863edy.322.1589829467381; Mon, 18 May 2020 12:17:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589829467; cv=none; d=google.com; s=arc-20160816; b=fw6YHUsY+vPD2ambz1G8ATxA6NMUV6rFo79Prfv6cmm/fAusPACsemhD1IVyB2Hjwq QpF/dAgjcdgMexA3gtuSmxkMoz2b7V33oVmNiJu496ALq/oFePZ0dA1Ll1vhX6KB6UZD sqUHmsPD6tryJD8C5VTOgTQlgpGMj2PjYgUkIv1Zmh+PYfuImRc3jgzA6Ux7LfLdvmt0 5CmEuLFbSs+zDsx2WT0kQ8MSwiGySEUkTxvk5H2POaAgR9UOu831iKq+JkGJqLqXdRGl wfYdlY6qG3ynGUhjH+Ujc+HPuBwOMdHnwLvHfw2Dx681QrwGhjpxZSrobCCQU53znAsp XkzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=MQp4gcqrMkgfMb7QVj1Yv6Zk97m2tuxA454iJaXwMq4=; b=tYNowzRhwYkkoCyexS9C8ON4rUJnLpIJihgLlTWdyQf8hx5RNhOX/yAHkrYRal5xTn hZBgFo2ocNnY7LVF3hDPSLzDd6O0TUqGdhuJD3ncuNF9OxzQnuUi0VzWLoxHFNaLffRm lD/0eXa1dzkQ9NA3XR7fwSCu5Ctnrs4c3gxhfInNyMJ+7gxbYCjpmeNwysbsmov2TzHS A0T35iycTbPWD9+sKMlTT/sO94A7HzhZm/J8eebO2MVoueiBhOvE4K5q0alZN10jWWgO H93yp0h8TvTiRHeRLXnhIrqQ/dK+KslY1F24EbDRYqVA7vLvQZHgkYU7bJbHLj5meDcs GTYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DnZun8pf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r18si6633533edm.489.2020.05.18.12.17.23; Mon, 18 May 2020 12:17:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DnZun8pf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728344AbgERRu7 (ORCPT + 99 others); Mon, 18 May 2020 13:50:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:53314 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730750AbgERRuz (ORCPT ); Mon, 18 May 2020 13:50:55 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9438A20715; Mon, 18 May 2020 17:50:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1589824255; bh=/Ua9XrqbJSoRkQyQ+LB68APHpv44F3/AJIASOFivlPs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DnZun8pf8svNKPtm/zW1dSfgfnRHyr3NlHrGDkK4p3Oj9phAW2xkz4sQBpqmhFWJN wOE3SUirB7m4uiQbKtsbfXrARld6ToZL1iHmztPhi2kogLDr/z2HPY61rrUyD652GX z3wMJo3UacJfcqnx5qxQe6nF/SWnL23HvOWMPS00= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Yang Yingliang , Zefan Li , Tejun Heo , Jakub Kicinski Subject: [PATCH 4.19 19/80] netprio_cgroup: Fix unlimited memory leak of v2 cgroups Date: Mon, 18 May 2020 19:36:37 +0200 Message-Id: <20200518173454.260324438@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200518173450.097837707@linuxfoundation.org> References: <20200518173450.097837707@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zefan Li [ Upstream commit 090e28b229af92dc5b40786ca673999d59e73056 ] If systemd is configured to use hybrid mode which enables the use of both cgroup v1 and v2, systemd will create new cgroup on both the default root (v2) and netprio_cgroup hierarchy (v1) for a new session and attach task to the two cgroups. If the task does some network thing then the v2 cgroup can never be freed after the session exited. One of our machines ran into OOM due to this memory leak. In the scenario described above when sk_alloc() is called cgroup_sk_alloc() thought it's in v2 mode, so it stores the cgroup pointer in sk->sk_cgrp_data and increments the cgroup refcnt, but then sock_update_netprioidx() thought it's in v1 mode, so it stores netprioidx value in sk->sk_cgrp_data, so the cgroup refcnt will never be freed. Currently we do the mode switch when someone writes to the ifpriomap cgroup control file. The easiest fix is to also do the switch when a task is attached to a new cgroup. Fixes: bd1060a1d671 ("sock, cgroup: add sock->sk_cgroup") Reported-by: Yang Yingliang Tested-by: Yang Yingliang Signed-off-by: Zefan Li Acked-by: Tejun Heo Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- net/core/netprio_cgroup.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/core/netprio_cgroup.c +++ b/net/core/netprio_cgroup.c @@ -240,6 +240,8 @@ static void net_prio_attach(struct cgrou struct task_struct *p; struct cgroup_subsys_state *css; + cgroup_sk_alloc_disable(); + cgroup_taskset_for_each(p, css, tset) { void *v = (void *)(unsigned long)css->cgroup->id;