In the Linux kernel, the following vulnerability has been resolved: cgroup:
Fix memory leak caused by missing cgroup_bpf_offline When enabling
CONFIG_CGROUP_BPF, kmemleak can be observed by running the command as
below: $mount -t cgroup -o none,name=foo cgroup cgroup/ $umount cgroup/
unreferenced object 0xc3585c40 (size 64): comm “mount”, pid 425, jiffies
4294959825 (age 31.990s) hex dump (first 32 bytes): 01 00 00 80 84 8c 28 c0
00 00 00 00 00 00 00 00 …(… 00 00 00 00 00 00 00 00 6c 43 a0
c3 00 00 00 00 …lC… backtrace: [<e95a2f9e>]
cgroup_bpf_inherit+0x44/0x24c [<1f03679c>] cgroup_setup_root+0x174/0x37c
[<ed4b0ac5>] cgroup1_get_tree+0x2c0/0x4a0 [<f85b12fd>]
vfs_get_tree+0x24/0x108 [<f55aec5c>] path_mount+0x384/0x988 [<e2d5e9cd>]
do_mount+0x64/0x9c [<208c9cfe>] sys_mount+0xfc/0x1f4 [<06dd06e0>]
ret_fast_syscall+0x0/0x48 [<a8308cb3>] 0xbeb4daa8 This is because that
since the commit 2b0d3d3e4fcf (“percpu_ref: reduce memory footprint of
percpu_ref in fast path”) root_cgrp->bpf.refcnt.data is allocated by the
function percpu_ref_init in cgroup_bpf_inherit which is called by
cgroup_setup_root when mounting, but not freed along with root_cgrp when
umounting. Adding cgroup_bpf_offline which calls percpu_ref_kill to
cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in umount path. This
patch also fixes the commit 4bfc0bb2c60e (“bpf: decouple the lifetime of
cgroup_bpf from cgroup itself”). A cgroup_bpf_offline is needed to do a
cleanup that frees the resources which are allocated by cgroup_bpf_inherit
in cgroup_setup_root. And inside cgroup_bpf_offline, cgroup_get() is at the
beginning and cgroup_put is at the end of cgroup_bpf_release which is
called by cgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of
cgroup’s refcount.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/04f8ef5643bcd8bcde25dfdebef998aea480b2ba (5.15)
git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed
git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba
git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d
launchpad.net/bugs/cve/CVE-2021-47488
nvd.nist.gov/vuln/detail/CVE-2021-47488
security-tracker.debian.org/tracker/CVE-2021-47488
www.cve.org/CVERecord?id=CVE-2021-47488