Drop "UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active"
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Bionic | Fix Released | Undecided | Unassigned | |
| Focal | Fix Released | Undecided | Unassigned | |
| Hirsute | Fix Released | Undecided | Unassigned | |
| Impish | Fix Released | Undecided | Unassigned | |
| Jammy | Fix Released | Undecided | Unassigned | |
Bug Description
[Impact]
"UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_
However a slightly different fix has been applied upstream:
9a24ce5b66f9c81
Basically we are fixing the same issue in two different ways at the same time, but even worse, our patch can introduce a potential NULL pointer dereference: we do a put_page(newpage) and set newpage = NULL in the main for() loop, and then we may do an additional put_page(newpage) after the main for loop if ret == -EEXIST, which would trigger the NULL pointer dereference.
[Test case]
No test case or reproducer is available at the moment; this issue has been found simply by reviewing the code.
[Fix]
Drop the SAUCE patch and rely on the upstream fix.
[Regression potential]
If the analysis is not correct we may re-introduce a page leak in cachefiles (NFS for example), but it seems unlikely to happen, since the upstream fix is addressing the page leaking already.
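The control flow described under [Impact], as an added userspace model (not kernel source and not part of the original report). `struct page`, `page_alloc_model`, `put_page_model`, `run_model` and the `guard` flag are assumptions made for illustration; the report's fix is to drop the SAUCE patch, and the guard only shows the missing check.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in for struct page: only a reference count (assumption). */
struct page { int refcount; };

static int null_puts;  /* releases of a NULL page; the kernel would oops here */
static int live_pages; /* allocated but not yet freed, to check for leaks */

static struct page *page_alloc_model(void)
{
    struct page *p = calloc(1, sizeof(*p));
    if (p) { p->refcount = 1; live_pages++; }
    return p;
}

static void put_page_model(struct page *p)
{
    if (!p) { null_puts++; return; } /* record instead of dereferencing NULL */
    if (--p->refcount == 0) { free(p); live_pages--; }
}

/* Flow from the report: the loop releases newpage and clears it, then the
 * code after the loop releases newpage again when ret == -EEXIST.
 * last_ret is the constructed result of the final iteration; guard != 0
 * adds a NULL check before the second release. Returns NULL releases seen. */
static int run_model(int npages, int last_ret, int guard)
{
    struct page *newpage = NULL;
    int ret = 0;

    null_puts = 0;
    for (int i = 0; i < npages; i++) {
        newpage = page_alloc_model();
        if (!newpage)
            return -ENOMEM;
        ret = (i == npages - 1) ? last_ret : 0;
        put_page_model(newpage);  /* release inside the loop */
        newpage = NULL;
    }
    if (ret == -EEXIST && (!guard || newpage))
        put_page_model(newpage);  /* second release after the loop */
    return null_puts;
}

int main(void)
{
    printf("unguarded, -EEXIST: %d NULL release(s)\n", run_model(3, -EEXIST, 0));
    printf("guarded,   -EEXIST: %d NULL release(s)\n", run_model(3, -EEXIST, 1));
    return 0;
}
```

The NULL release only appears when the last iteration ends with -EEXIST, which is why the problem is easy to miss without reading the post-loop path.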
description: updated
Changed in linux (Ubuntu Bionic): status: New → Confirmed
Changed in linux (Ubuntu Focal): status: Incomplete → Confirmed
Changed in linux (Ubuntu Hirsute): status: Incomplete → Confirmed
Changed in linux (Ubuntu Impish): status: Incomplete → Confirmed
Changed in linux (Ubuntu Jammy): status: Incomplete → Confirmed
Changed in linux (Ubuntu Bionic): status: Confirmed → Fix Committed
Changed in linux (Ubuntu Focal): status: Confirmed → Fix Committed
Changed in linux (Ubuntu Hirsute): status: Confirmed → Fix Committed
Changed in linux (Ubuntu Impish): status: Confirmed → Fix Committed
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1947709
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.