[PATCH] fix: mm: memcontrol: convert objcg to be per-memcg per-node type

Next message: Qi Zheng: "[PATCH 1/3] mm: memcontrol: correct the type of stats_updates to unsigned long"
Previous message: Xuan Zhuo: "Re: [PATCH net v2] virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false"
In reply to: Andrew Morton: "Re: [PATCH 3/3] mm: memcontrol: correct the nr_pages parameter type of mem_cgroup_update_lru_size()"
Next in thread: Qi Zheng: "Re: [PATCH] fix: mm: memcontrol: convert objcg to be per-memcg per-node type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Qi Zheng

Date: Tue Mar 24 2026 - 07:34:26 EST

From: Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx>

Reset pn->orig_objcg to NULL to prevent obj_cgroup_put()
from being called agagin in __mem_cgroup_free().

Reported-by: Usama Arif <usama.arif@xxxxxxxxx>
Signed-off-by: Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx>
---
mm/memcontrol.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 992a3f5caa62b..ad32639ea5959 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -4140,8 +4140,14 @@ static int mem_cgroup_css_online(struct cgroup_subsys_state *css)
for_each_node(nid) {
struct mem_cgroup_per_node *pn = memcg->nodeinfo[nid];

- if (pn && pn->orig_objcg)
+ if (pn && pn->orig_objcg) {
obj_cgroup_put(pn->orig_objcg);
+ /*
+ * Reset pn->orig_objcg to NULL to prevent obj_cgroup_put()
+ * from being called agagin in __mem_cgroup_free().
+ */
+ pn->orig_objcg = NULL;
+ }
}
free_shrinker_info(memcg);
offline_kmem:
--
2.20.1