page_counter_uncharge() must return 0 only on the final uncharge of kmem, but memcg_uncharge_kmem(0) may lead to a use-after-free after it. WARN to find callers who charge for 0.
Signed-off-by: Kirill Tkhai <[email protected]> --- mm/memcontrol.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index c3586e8e27ca..010d580f39cc 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -3508,6 +3508,9 @@ void memcg_uncharge_kmem(struct mem_cgroup *memcg, { u64 kmem; + if (WARN_ON_ONCE(!nr_pages)) + return; + kmem = page_counter_uncharge(&memcg->kmem, nr_pages); page_counter_uncharge(&memcg->memory, nr_pages); _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
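Review bot: the new WARN_ON_ONCE(!nr_pages) guard at the top of memcg_uncharge_kmem() fires only for the first zero-sized call. The commit message says the goal is to find callers (plural), but any later caller reaching this path from a different stack returns silently and leaves no trace. If more than one offender is expected, a rate-limited warning would keep reporting them; otherwise the changelog should say that one report is enough. The check also has no comment explaining why zero is special here. A single line above it, saying that a 0 return from page_counter_uncharge(&memcg->kmem, nr_pages) is taken to mean the final uncharge, would keep the reason next to the code. The early return also skips the page_counter_uncharge(&memcg->memory, nr_pages) call. That is harmless for nr_pages == 0, but the changelog should state that the skip is intended.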
