From nobody Sat Feb 7 07:31:11 2026 Received: from out162-62-57-49.mail.qq.com (out162-62-57-49.mail.qq.com [162.62.57.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED001396D3E for ; Wed, 14 Jan 2026 13:22:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=162.62.57.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768396982; cv=none; b=tBw3gIvCpqqFp94AH3CWpibJyPeKxGQDNrrZBotYiq5TTn3Q3+mRuvaN4pbWBAhlEMq2qLVNwxmZyz4oPMAs+UObRh/jlciJHv1UhGoUyTCPykVmjXNFUuY79oU3gEGAxPW3+b3NH3o/eKQGm79xZbGV9t2dx7zyaIVF2AZeTh8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768396982; c=relaxed/simple; bh=bnO8aDNTWHF84bBdriWP2ScIobrmWMCIoeMxGunH5eQ=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=sZ1LmiEMZXUjCnirEk0OkRNzlLWjnCmplz2VsfOAwTuA8Han/EvxtpCyOk6TkXRbljSj5ub8g/K6xgyHFKvwzWeXVhHGkv7Svj/sW1hPrlD9vySVPJQJyamDVJjkv59pKDFyXnQoNXEm6Mnslzk9C+yClSCmJ9oZzqG0t74cL1Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=qrB64sj0; arc=none smtp.client-ip=162.62.57.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="qrB64sj0" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1768396969; bh=zfYuIj3UC21qzJpd33IIEElTo1lBdYgm+xg7jiWR1j8=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=qrB64sj00+YVUFmRp5ACd4KTjyrEGPbQibjRQ3HsokdGPI2MvMiHwcbHOaJlEHojw oxmT+zbt8zHQE6p/Jwqhezf/yWNH8pl10Yo13iMq2xvgN86R0iFGyJ+2NrW8rit2Yf 506wvPqNBYz9Bmit+z2aeMaaDegx2IeYuCjvFXdM= Received: from kali ([111.19.37.221]) by newxmesmtplogicsvrszc43-0.qq.com (NewEsmtp) with SMTP id 5AE29C5F; Wed, 14 Jan 2026 21:22:46 +0800 X-QQ-mid: xmsmtpt1768396966tncpnvehq Message-ID: X-QQ-XMAILINFO: NGZp1yYNf7Y+DWrZtK1FC+sYfFY2/jPKOuuOi5+djarC8W8P9khYL99lNHzMCw f2uGvopiytaYQ34r+8iYUv/j8VapzpL/F8JbVHAEQwCvzeex8omQdyU9nLIBjZ7yLSZbgdq3aPaM AwVKWWIEaTc+a3eUAmP375xSxNrcaXAanMfIpFbsLS3wh6AmFzY9tT7Hm+N1bdQPgUeIRc7An4oB u1mB8BklR6pMWZAAXgau9QUKJIApTFHAOQdVrzmc+1oiUx61ZV2fQ3kw8Qn/W+8AvOuFeM0NOEZi FYk30uiVf4gmp3VM6BStHqFf0p/8l8fnw4eN7JfaJRNeqBmLMsaCp4lOoy7oM4ayHm1OXN3fgiee LVfAOz9crbpNNYctGSn0PbacOqZ+6tXhnVP+7Hzk5FefWVy/zuUVcbbqvRAOrcsD8Txm0oAdr2w/ PwN1FIzoVN87MIxT7idKAt+XWYP9PH/7WiBQDc89ZVtjegKaYuHRJz22V8lPHBzBv8ox629zGSIR 6JHUhOgieJXHHIn8WSySJ72DcvaDc3XkhIpvjxK3lkS1hBhGkqaVZitfRUbZumhPFxTxBe+eViPz Xk7VhWiE8vCu1Pn0eqrEFErkn88/ojLTKooq3CRye/jZwvxolgPpwGR7Wy60nQ7QJ1902YNUJ5Ye hYNzncj+gMJ1L7LE3106lXyFSItOQ501mjFGgyNDwZrQ+048HKtHHGrHbV6fXrElIHI5Js4xEzwS i6rKxVJMG3UaWAjjtMX7Ti12C24SwEwX1Q+Oxn9r2fvmczHM8RGVGnbqZBtu/beQ8Huqq3wcLoEb 5Nnp+eUm5GLdDtwDSeSskMSNqDTp+6m1lWYsL1Lga0Gs/ccIU97mAUJ0e8qhTG2QweJkvwrFiiy1 TKNM8Ul35rPy/tTugIzRDca/ld2UNY+kNYmujMHoPIzWmPS9MmjrqhQH8ZJw2LBAbhnpdE8e9/h9 ///Zz8iI2fKNVZ8XtDph10w2+ZJjosly05SILKP0zPsW4sRCkrNNfy3olKyBqgA9rAPASWx8pQYd jKk0dyPqzuWX2Cc9I5Cii6WCMNsvXt9Ig855LD3g== X-QQ-XMRINFO: OD9hHCdaPRBwH5bRRRw8tsiH4UAatJqXfg== From: Xiao Kan <814091656@qq.com> To: maarten.lankhorst@linux.intel.com, mripard@kernel.org, tzimmermann@suse.de, airlied@gmail.com, simona@ffwll.ch, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Cc: w@1wt.eu, security@kernel.org, kanxiao666@gmail.com, xiao.kan@samsung.com, Xiao Kan <814091656@qq.com> Subject: [PATCH v3] drm: Account property blob allocations to memcg Date: Wed, 14 Jan 2026 08:22:26 -0500 X-OQ-MSGID: <20260114132226.13275-1-814091656@qq.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260113-kickass-sensible-basilisk-66d487@houat> References: <20260113-kickass-sensible-basilisk-66d487@houat> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM. Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that the = memory is properly charged to the caller's memcg. This ensures existing cgroup memory limits apply and prevents uncontrolled kernel memory growth without introducing additional policy or per-file limits. Signed-off-by: Xiao Kan <814091656@qq.com> Signed-off-by: Xiao Kan --- drivers/gpu/drm/drm_property.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c index 596272149..3c88b5fbd 100755 --- a/drivers/gpu/drm/drm_property.c +++ b/drivers/gpu/drm/drm_property.c @@ -562,7 +562,7 @@ drm_property_create_blob(struct drm_device *dev, size_t= length, if (!length || length > INT_MAX - sizeof(struct drm_property_blob)) return ERR_PTR(-EINVAL); =20 - blob =3D kvzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL); + blob =3D kvzalloc(sizeof(struct drm_property_blob) + length, GFP_KERNEL_A= CCOUNT); if (!blob) return ERR_PTR(-ENOMEM); =20 --=20 2.51.0