| 2021-10-19 10:03:01 |
Andrea Righi |
bug |
|
|
added bug |
| 2021-10-19 10:15:10 |
Andrea Righi |
nominated for series |
|
Ubuntu Impish |
|
| 2021-10-19 10:15:10 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Impish) |
|
| 2021-10-19 10:15:10 |
Andrea Righi |
nominated for series |
|
Ubuntu Jammy |
|
| 2021-10-19 10:15:10 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Jammy) |
|
| 2021-10-19 10:15:10 |
Andrea Righi |
nominated for series |
|
Ubuntu Focal |
|
| 2021-10-19 10:15:10 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Focal) |
|
| 2021-10-19 10:15:10 |
Andrea Righi |
nominated for series |
|
Ubuntu Hirsute |
|
| 2021-10-19 10:15:10 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Hirsute) |
|
| 2021-10-19 10:29:59 |
Andrea Righi |
description |
[Impact]
"UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active" has been applied to fix a page leaking issue.
However a slightly different fix has been applied upstream:
9a24ce5b66f9c8190d63b15f4473600db4935f1f cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active
Basically we are fixing the same issue in two different ways at the same time, but even worse our patch an introduce a potential NULL pointer dereference: we do a put_page(newpage) and set newpage = NULL in the main for() loop and then we may do additional put_page(newpage) after the main for loop if ret == -EEXIST, that would trigger the NULL pointer dereference.
[Test case]
No test case or reproducer is available at the moment, this issue has been found simply by reviewing the code.
[Fix]
Drop the SAUCE patch and rely on the upstream fix.
[Regression potential]
If the analysis is not correct we may re-introduce a page leak in
cachefiles (NFS for example), but it seems unlikely to happen, since the upstream fix is addressing the page leaking already.
I think we should really drop this SAUCE patch from all the kernels that are applying the upstream fix already (9a24ce5b66f9c8190d63b15f4473600db4935f1f). |
[Impact]
"UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active" has been applied to fix a page leaking issue.
However a slightly different fix has been applied upstream:
9a24ce5b66f9c8190d63b15f4473600db4935f1f cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active
Basically we are fixing the same issue in two different ways at the same time, but even worse our patch an introduce a potential NULL pointer dereference: we do a put_page(newpage) and set newpage = NULL in the main for() loop and then we may do additional put_page(newpage) after the main for loop if ret == -EEXIST, that would trigger the NULL pointer dereference.
[Test case]
No test case or reproducer is available at the moment, this issue has been found simply by reviewing the code.
[Fix]
Drop the SAUCE patch and rely on the upstream fix.
[Regression potential]
If the analysis is not correct we may re-introduce a page leak in
cachefiles (NFS for example), but it seems unlikely to happen, since the upstream fix is addressing the page leaking already. |
|
| 2021-10-19 10:30:07 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2021-10-19 10:30:11 |
Ubuntu Kernel Bot |
linux (Ubuntu Focal): status |
New |
Incomplete |
|
| 2021-10-19 10:30:15 |
Ubuntu Kernel Bot |
linux (Ubuntu Hirsute): status |
New |
Incomplete |
|
| 2021-10-19 10:30:17 |
Ubuntu Kernel Bot |
linux (Ubuntu Impish): status |
New |
Incomplete |
|
| 2021-10-19 15:06:21 |
Andrea Righi |
nominated for series |
|
Ubuntu Bionic |
|
| 2021-10-19 15:06:21 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2021-10-19 15:06:32 |
Andrea Righi |
linux (Ubuntu Bionic): status |
New |
Confirmed |
|
| 2021-10-19 15:06:34 |
Andrea Righi |
linux (Ubuntu Focal): status |
Incomplete |
Confirmed |
|
| 2021-10-19 15:06:36 |
Andrea Righi |
linux (Ubuntu Hirsute): status |
Incomplete |
Confirmed |
|
| 2021-10-19 15:06:38 |
Andrea Righi |
linux (Ubuntu Impish): status |
Incomplete |
Confirmed |
|
| 2021-10-19 15:06:39 |
Andrea Righi |
linux (Ubuntu Jammy): status |
Incomplete |
Confirmed |
|
| 2021-11-04 15:49:26 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
Confirmed |
Fix Committed |
|
| 2021-11-04 15:57:56 |
Kleber Sacilotto de Souza |
linux (Ubuntu Focal): status |
Confirmed |
Fix Committed |
|
| 2021-11-04 15:57:58 |
Kleber Sacilotto de Souza |
linux (Ubuntu Hirsute): status |
Confirmed |
Fix Committed |
|
| 2021-11-04 15:58:00 |
Kleber Sacilotto de Souza |
linux (Ubuntu Impish): status |
Confirmed |
Fix Committed |
|
| 2021-11-09 12:37:29 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-impish |
|
| 2021-11-09 12:39:48 |
Ubuntu Kernel Bot |
tags |
verification-needed-impish |
verification-needed-hirsute verification-needed-impish |
|
| 2021-11-09 12:42:35 |
Ubuntu Kernel Bot |
tags |
verification-needed-hirsute verification-needed-impish |
verification-needed-focal verification-needed-hirsute verification-needed-impish |
|
| 2021-11-09 12:45:57 |
Ubuntu Kernel Bot |
tags |
verification-needed-focal verification-needed-hirsute verification-needed-impish |
verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish |
|
| 2021-11-23 15:50:55 |
Stefan Bader |
tags |
verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish |
verification-done-hirsute verification-needed-bionic verification-needed-focal verification-needed-impish |
|
| 2021-11-23 23:16:51 |
Kelsey Steele |
tags |
verification-done-hirsute verification-needed-bionic verification-needed-focal verification-needed-impish |
verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish |
|
| 2021-11-29 14:48:38 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2021-11-29 14:52:06 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2021-11-29 14:57:38 |
Launchpad Janitor |
linux (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
| 2021-11-29 14:57:38 |
Launchpad Janitor |
cve linked |
|
2021-3744 |
|
| 2021-11-29 14:57:38 |
Launchpad Janitor |
cve linked |
|
2021-3764 |
|
| 2021-11-29 14:59:48 |
Launchpad Janitor |
linux (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
| 2022-01-17 16:49:01 |
Launchpad Janitor |
linux (Ubuntu Jammy): status |
Confirmed |
Fix Released |
|
