cgroup/psi: Set of->priv to NULL upon file release

PlaidCat · PlaidCat · commit ba1c4fe8da68 · 2025-11-06T11:50:29.000-05:00
jira LE-4659 cve CVE-2025-39881 Rebuild_History Non-Buildable kernel-6.12.0-55.42.1.el10_0 commit-author Chen Ridong <chenridong@huawei.com> commit 94a4acf Setting of->priv to NULL when the file is released enables earlier bug detection. This allows potential bugs to manifest as NULL pointer dereferences rather than use-after-free errors[1], which are generally more difficult to diagnose. [1] https://lore.kernel.org/cgroups/38ef3ff9-b380-44f0-9315-8b3714b0948d@huaweicloud.com/T/#m8a3b3f88f0ff3da5925d342e90043394f8b2091b Signed-off-by: Chen Ridong <chenridong@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org> (cherry picked from commit 94a4acf) Signed-off-by: Jonathan Maple <jmaple@ciq.com>
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
@@ -4113,6 +4113,7 @@ static void cgroup_file_release(struct kernfs_open_file *of)
 		cft->release(of);
 	put_cgroup_ns(ctx->ns);
 	kfree(ctx);
+	of->priv = NULL;
 }
 
 static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,

Original file line number	Diff line number	Diff line change
`@@ -4113,6 +4113,7 @@ static void cgroup_file_release(struct kernfs_open_file *of)`
`4113`	`4113`	`cft->release(of);`
`4114`	`4114`	`put_cgroup_ns(ctx->ns);`
`4115`	`4115`	`kfree(ctx);`
	`4116`	`+ of->priv = NULL;`
`4116`	`4117`	`}`
`4117`	`4118`
`4118`	`4119`	`static ssize_t cgroup_file_write(struct kernfs_open_file of, char buf,`