From: Vasily Averin
mainline inclusion
from mainline
commit 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
issue: #I4NRS5
CVE: CVE-2021-3759
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
When user creates IPC objects it forces kernel to allocate memory for
these long-living objects.
It makes sense to account them to restrict the host's memory consumption
from inside the memcg-limited container.
This patch enables accounting for IPC shared memory segments, messages
semaphores and semaphore's undo lists.
Link: https://lkml.kernel.org/r/d6507b06-4df6-78f8-6c54-3ae86e3b5339@virtuozzo.com
Signed-off-by: Vasily Averin
Reviewed-by: Shakeel Butt
Cc: Alexander Viro
Cc: Alexey Dobriyan
Cc: Andrei Vagin
Cc: Borislav Petkov
Cc: Borislav Petkov
Cc: Christian Brauner
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: "Eric W. Biederman"
Cc: Greg Kroah-Hartman
Cc: "H. Peter Anvin"
Cc: Ingo Molnar
Cc: "J. Bruce Fields"
Cc: Jeff Layton
Cc: Jens Axboe
Cc: Jiri Slaby
Cc: Johannes Weiner
Cc: Kirill Tkhai
Cc: Michal Hocko
Cc: Oleg Nesterov
Cc: Roman Gushchin
Cc: Serge Hallyn
Cc: Tejun Heo
Cc: Thomas Gleixner
Cc: Vladimir Davydov
Cc: Yutian Yang
Cc: Zefan Li
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Chen Jun
Conflicts:
ipc/msg.c
ipc/sem.c
ipc/shm.c
Reviewed-by: Wang Hui
Signed-off-by: Chen Jun
Signed-off-by: Zheng Zengkai
Signed-off-by: Yu Changchun
---
ipc/msg.c | 2 +-
ipc/sem.c | 9 +++++----
ipc/shm.c | 2 +-
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 6e6c8e0c9380..8ded6b8f10a2 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -147,7 +147,7 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
key_t key = params->key;
int msgflg = params->flg;
- msq = kvmalloc(sizeof(*msq), GFP_KERNEL);
+ msq = kvmalloc(sizeof(*msq), GFP_KERNEL_ACCOUNT);
if (unlikely(!msq))
return -ENOMEM;
diff --git a/ipc/sem.c b/ipc/sem.c
index 7d9c06b0ad6e..d3b9b73cd9ca 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -511,7 +511,7 @@ static struct sem_array *sem_alloc(size_t nsems)
if (nsems > (INT_MAX - sizeof(*sma)) / sizeof(sma->sems[0]))
return NULL;
- sma = kvzalloc(struct_size(sma, sems, nsems), GFP_KERNEL);
+ sma = kvzalloc(struct_size(sma, sems, nsems), GFP_KERNEL_ACCOUNT);
if (unlikely(!sma))
return NULL;
@@ -1852,7 +1852,7 @@ static inline int get_undo_list(struct sem_undo_list **undo_listp)
undo_list = current->sysvsem.undo_list;
if (!undo_list) {
- undo_list = kzalloc(sizeof(*undo_list), GFP_KERNEL);
+ undo_list = kzalloc(sizeof(*undo_list), GFP_KERNEL_ACCOUNT);
if (undo_list == NULL)
return -ENOMEM;
spin_lock_init(&undo_list->lock);
@@ -1937,7 +1937,7 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid)
rcu_read_unlock();
/* step 2: allocate new undo structure */
- new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL);
+ new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL_ACCOUNT);
if (!new) {
ipc_rcu_putref(&sma->sem_perm, sem_rcu_free);
return ERR_PTR(-ENOMEM);
@@ -2001,7 +2001,8 @@ static long do_semtimedop(int semid, struct sembuf __user *tsops,
if (nsops > ns->sc_semopm)
return -E2BIG;
if (nsops > SEMOPM_FAST) {
- sops = kvmalloc_array(nsops, sizeof(*sops), GFP_KERNEL);
+ sops = kvmalloc_array(nsops, sizeof(*sops),
+ GFP_KERNEL_ACCOUNT);
if (sops == NULL)
return -ENOMEM;
}
diff --git a/ipc/shm.c b/ipc/shm.c
index e25c7c6106bc..fce0b7b12939 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -619,7 +619,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
ns->shm_tot + numpages > ns->shm_ctlall)
return -ENOSPC;
- shp = kvmalloc(sizeof(*shp), GFP_KERNEL);
+ shp = kvmalloc(sizeof(*shp), GFP_KERNEL_ACCOUNT);
if (unlikely(!shp))
return -ENOMEM;
--
2.25.1
