Re: [PATCH v3 1/1] psi: Fix uaf issue when psi trigger is destroyed while being polled

From: Matthew Wilcox
Date: Wed Jan 12 2022 - 13:16:37 EST


On Wed, Jan 12, 2022 at 09:49:00AM -0800, Suren Baghdasaryan wrote:
> > This happens with the following config:
> >
> > CONFIG_CGROUPS=n
> > CONFIG_PSI=y
> >
> > With cgroups disabled these functions are defined as non-static but
> > are not defined in the header
> > (https://elixir.bootlin.com/linux/latest/source/include/linux/psi.h#L28)
> > since the only external user cgroup.c is disabled. The cleanest way to
> > fix these I think is by doing smth like this in psi.c:

A cleaner way to solve these is simply:

#ifndef CONFIG_CGROUPS
static struct psi_trigger *psi_trigger_create(...);
...
#endif

I tested this works:

$ cat foo5.c
static int psi(void *);

int psi(void *x)
{
	return (int)(long)x;
}

int bar(void *x)
{
	return psi(x);
}
$ gcc -W -Wall -O2 -c -o foo5.o foo5.c
$ readelf -s foo5.o

Symbol table '.symtab' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS foo5.c
     2: 0000000000000000     0 SECTION LOCAL  DEFAULT    1 .text
     3: 0000000000000000     3 FUNC    GLOBAL DEFAULT    1 bar