From nobody Mon Feb 9 10:49:12 2026 Received: from out203-205-221-191.mail.qq.com (out203-205-221-191.mail.qq.com [203.205.221.191]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 638B333438D for ; Mon, 5 Jan 2026 16:14:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=203.205.221.191 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767629680; cv=none; b=F9bACw+oFIPMXIt7xqS4iRQ4faQxu90euKqy0qM/6GrI0nZ5seMqdHhCLhUVvWIE/fJCYa9PsWN2p6TD9IaG4RRsu6UsomHGQDvhvhGowHv755Z7YxY2+YGYamAPJWBNX5SN+BYHAPeYu7XO5GQ2cidFo+YuNzGVx29A2bAKKBU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767629680; c=relaxed/simple; bh=HCZFfSYYyW9lecJWguBtK2e0p3cxH8hAcNU6/UXBRJM=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=Cg+IPoPhhWWOsINOi/CNklfUKe0I5mmQ4lyMbur00z2Gg4YsQh+o0nCFtCgrVPPbivnIzkDDRqMq23dpweoAmsooP61kLXSpfbSRZAvuKD0NBN25lxdfGUMc3L9/bOurTByiKUOrtZyZHllJb9vkFdql+w35co6j9qEMvApD7LM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=j2nD5S9n; arc=none smtp.client-ip=203.205.221.191 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="j2nD5S9n" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1767629669; bh=s38KkU17Ay5HnTLCoKtpVpV8tXUo9BCyqLzRuXklMps=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=j2nD5S9nh16u3vDsLHpvVmnZp2+Wmnj38LCAaYgmo/Lt+METPW9I50VvdtyMJN7qx U4KKe0oNczn9YMwKVspQ/FHmieFLfAfmpe4/c7h1r1kSgdBVRERMAU3jn32eN2BJQm btwZlrn6vPmSVdaAwcgfsiJPdg9ojDHBgMIBnRZA= Received: from kali ([111.19.95.200]) by newxmesmtplogicsvrszb51-1.qq.com (NewEsmtp) with SMTP id 39A2F44C; Tue, 06 Jan 2026 00:14:26 +0800 X-QQ-mid: xmsmtpt1767629666t2mdzv8og Message-ID: X-QQ-XMAILINFO: Mfa2ogpi8We7lVPqvDLzthZllHetaOlV/jC2mvPZ6yPOAxvOmySIZBcvxmD4QM J/cD43pjcuQqmG2afp3OJNWYJehbbVA4d6BzBWlXbFN4EkagUhuyaJrsT1YiA45Nc3La/hrHnyo6 FrKAPi/74yLkOeT+udSShijCrkouu0BUe35NPoKUDkfPB6qgO/d+FloLv1x+fsECtgSDjs2cOGS4 wHdOkC4QaGuvrU4od54j4QxaXSOyOrx5B4aks6+AYwfIFUs0yoB81igoxE8woK86VvK5JkwqRJ8J auchNvaTJwHJ0JAopzteBLWQDOSxZ/QnOMQILIi/Ot10tGQMufGH6s/qZKYB+BPMvKGUBzOR6ya/ IvMPk9zWgxcLogkpB3IhySRqtukGgSZ7i9dSI3fGFpo9Hhd0WXGst37ND1J54ZotyRWx+7SPYGKF 3BMYpGzGKo177GCsSE4hIU0Zyk7yYc6vcY5EOlavJyIFX4csmoUlv3ZjV4Ggxl6mEWFb6rDYK/Vl BvSE7K8DfIc8J19b0v+s9fZ9A+UjLotkT73v+TvrQGliqRHb9yiYOlJyUCgtLtEyqm3WRIOAUUbU kXzMgCRU3djBRjk+yJfYoogkLyjIGRiJAfKw1MCyvD9CmHNV1G0HTH7+EfOnB5uBCwbIZKuAgIC/ 7njRpGbZsT+fP2yf57sKAm1xVB2Tc44O0Ws1Hhip4/4GrVnzLB7tvCtPe3aUdwLdMQh5bO6TQmxb wWnhr2Pd+fVJiEseWQ/gXV3Djx15P9Jm/93/IU59Thakosr9idBByy5LpQIMF08+H/qLNUUliBK/ wDR4TK1zTKbkvumqKKEhfxfD0U2cx54dTSaJ4FnqHzwCPL6qOQaO9glGteFqeXjYrB+a8M7apBYX OCM+hT6UhmV/oHEiN0rekztPp7WUl8ZXZFapd2pCmH7Us2FM8LnwV3yzonatOYP/Oog4kF0LZ3jB bPqWnI80pjREi01x2irrCLwtNo+z0S2ITIXx95tsejm5IQVkf6xMt47zh8jEGo7yfycMO4jV/fw3 QfahJEfu35rSPWpxlybOu10aqaqRgs3/AHsHcfisWQ+pELSLsYvZhV+Yybo18= X-QQ-XMRINFO: MSVp+SPm3vtSI1QTLgDHQqIV1w2oNKDqfg== From: Xiao Kan <814091656@qq.com> To: maarten.lankhorst@linux.intel.com, mripard@kernel.org, tzimmermann@suse.de, airlied@gmail.com, simona@ffwll.ch, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Cc: w@1wt.eu, security@kernel.org, kanxiao666@gmail.com, xiao.kan@samsung.com, Xiao Kan <814091656@qq.com> Subject: [PATCH v2] drm: Account property blob allocations to memcg Date: Mon, 5 Jan 2026 11:14:13 -0500 X-OQ-MSGID: <20260105161413.6468-1-814091656@qq.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105-abiding-aloof-locust-dcadac@houat> References: <20260105-abiding-aloof-locust-dcadac@houat> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM. Mark the property blob data allocation with GFP_ACCOUNT so that the memory is properly charged to the caller's memcg. This ensures existing cgroup memory limits apply and prevents uncontrolled kernel memory growth without introducing additional policy or per-file limits. Changes since v1: - Drop the per-drm_file blob count limit. - Account blob data allocations to memcg via GFP_KERNEL_ACCOUNT instead. Signed-off-by: Xiao Kan <814091656@qq.com> Signed-off-by: Xiao Kan --- drivers/gpu/drm/drm_property.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c index 596272149..a34758712 100755 --- a/drivers/gpu/drm/drm_property.c +++ b/drivers/gpu/drm/drm_property.c @@ -562,7 +562,7 @@ drm_property_create_blob(struct drm_device *dev, size_t= length, if (!length || length > INT_MAX - sizeof(struct drm_property_blob)) return ERR_PTR(-EINVAL); =20 - blob =3D kvzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL); + blob =3D kvzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL_ACC= OUNT); if (!blob) return ERR_PTR(-ENOMEM); =20 --=20 2.51.0