An oversight in the Linux kernel’s Direct Rendering Manager (DRM) graphics driver common code could allow unprivileged users to trigger unbounded kernel memory consumption, potentially leading to a system-wide out-of-memory (“OOM”) situation.
It turns out the DRM driver’s DRM_IOCTL_MODE_CREATEPROPBLOB interface, which lets user-space allocate arbitrary-sized property blobs, wasn’t properly accounting for that kernel memory. The blob allocations were not attributed to the memory control group (“memcg”) of the user process. Thus unprivileged users could potentially cause unbounded kernel memory consumption to the point of triggering system out-of-memory errors.
But there is now a one-line code fix on the way so that those blob allocations are properly accounted to that user process and cgroup memory limits and friends are properly handled.
That fix by Xiao Kan was submitted today in drm-misc-next as part of the DRM changes being queued for the upcoming Linux 6.20~7.0 merge window. That’s the main item to note in the drm-misc-next pull request, with the other changes for the week being mostly small fixes and other alterations.
