In the Linux kernel, the following vulnerability has been resolved:
mm/memory-failure: make sure wait for page writeback in memory_failure Our
syzkaller trigger the “BUG_ON(!list_empty(&inode->i_wb_list))” in
clear_inode: kernel BUG at fs/inode.c:519! Internal error: Oops - BUG: 0
[#1] SMP Modules linked in: Process syz-executor.0 (pid: 249, stack limit =
0x00000000a12409d7) CPU: 1 PID: 249 Comm: syz-executor.0 Not tainted
4.19.95 Hardware name: linux,dummy-virt (DT) pstate: 80000005 (Nzcv daif
-PAN -UAO) pc : clear_inode+0x280/0x2a8 lr : clear_inode+0x280/0x2a8 Call
trace: clear_inode+0x280/0x2a8 ext4_clear_inode+0x38/0xe8
ext4_free_inode+0x130/0xc68 ext4_evict_inode+0xb20/0xcb8 evict+0x1a8/0x3c0
iput+0x344/0x460 do_unlinkat+0x260/0x410 __arm64_sys_unlinkat+0x6c/0xc0
el0_svc_common+0xdc/0x3b0 el0_svc_handler+0xf8/0x160 el0_svc+0x10/0x218
Kernel panic - not syncing: Fatal exception A crash dump of this problem
show that someone called __munlock_pagevec to clear page LRU without
lock_page: do_mmap -> mmap_region -> do_munmap -> munlock_vma_pages_range
-> __munlock_pagevec. As a result memory_failure will call
identify_page_state without wait_on_page_writeback. And after
truncate_error_page clear the mapping of this page. end_page_writeback
won’t call sb_clear_inode_writeback to clear inode->i_wb_list. That will
trigger BUG_ON in clear_inode! Fix it by checking PageWriteback too to help
determine should we skip wait_on_page_writeback.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/e8675d291ac007e1c636870db880f837a9ea112a (5.13-rc7)
git.kernel.org/stable/c/28788dc5c70597395b6b451dae4549bbaa8e2c56
git.kernel.org/stable/c/566345aaabac853aa866f53a219c4b02a6beb527
git.kernel.org/stable/c/6d210d547adc2218ef8b5bcf23518c5f2f1fd872
git.kernel.org/stable/c/9e379da727a7a031be9b877cde7b9c34a0fb8306
git.kernel.org/stable/c/d05267fd27a5c4f54e06daefa3035995d765ca0c
git.kernel.org/stable/c/e8675d291ac007e1c636870db880f837a9ea112a
launchpad.net/bugs/cve/CVE-2021-47256
nvd.nist.gov/vuln/detail/CVE-2021-47256
security-tracker.debian.org/tracker/CVE-2021-47256
www.cve.org/CVERecord?id=CVE-2021-47256