Public bug reported:

[Impact]

"UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active" has been applied to fix a page leaking issue.

However a slightly different fix has been applied upstream:

9a24ce5b66f9c8190d63b15f4473600db4935f1f cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active

Basically we are fixing the same issue in two different ways at the same time, but even worse our patch can introduce a potential NULL pointer dereference: we do a put_page(newpage) and set newpage = NULL in the main for() loop and then we may do an additional put_page(newpage) after the main for loop if ret == -EEXIST, which would trigger the NULL pointer dereference.

[Test case]

No test case or reproducer is available at the moment; this issue has been found simply by reviewing the code.

[Fix]

Drop the SAUCE patch and rely on the upstream fix.

[Regression potential]

If the analysis is not correct we may re-introduce a page leak in cachefiles (NFS for example), but it seems unlikely to happen, since the upstream fix is addressing the page leaking already.

I think we should really drop this SAUCE patch from all the kernels that are applying the upstream fix already (9a24ce5b66f9c8190d63b15f4473600db4935f1f).

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947709

Title:
  Drop "UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active"

Status in linux package in Ubuntu:
  New
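The defect the report describes is a reference-release pattern that is easy to check in isolation: a page is released and its pointer cleared inside the loop, yet the post-loop cleanup for the -EEXIST path still calls put_page() on that pointer. The following is an added, user-space model of that pattern written for this note; it is not the kernel's cachefiles code, and the struct page layout, the put_page()/add_to_cache() helpers and the single-iteration loop are simplified assumptions. Because a real put_page(NULL) would oops, the model records the NULL put in a flag so both flows can be run and compared.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: a user-space model of the reference-counting pattern the
 * bug report describes. Not cachefiles code; the struct, helpers and the
 * single-iteration loop are simplified assumptions made for illustration. */

struct page {
    int refcount;           /* 1 when freshly allocated; 0 means freed */
};

/* In the kernel, put_page(NULL) dereferences NULL and oopses. This model
 * records that condition in a flag instead of crashing so it can be tested. */
static bool simulated_null_deref;

static void put_page(struct page *p)
{
    if (!p) {
        simulated_null_deref = true;    /* would be an oops in the kernel */
        return;
    }
    p->refcount--;
}

/* Stand-in for inserting newpage into the page cache. Returns -EEXIST when
 * another path (e.g. under vmscan churn) already installed a page at that
 * index, which is the race the report refers to. */
static int add_to_cache(struct page *newpage, bool already_present)
{
    (void)newpage;
    return already_present ? -EEXIST : 0;
}

/* Flawed flow, as the report describes the SAUCE patch: the loop releases
 * newpage and clears the pointer, but the post-loop cleanup for -EEXIST
 * still calls put_page(newpage), now on NULL. */
static int read_flow_buggy(struct page *newpage, bool already_present,
                           bool *faulted)
{
    int ret = 0;

    simulated_null_deref = false;
    for (int i = 0; i < 1; i++) {           /* one page per iteration */
        ret = add_to_cache(newpage, already_present);
        if (ret == -EEXIST) {
            put_page(newpage);              /* first (correct) release */
            newpage = NULL;
            break;
        }
    }
    if (ret == -EEXIST)
        put_page(newpage);                  /* second release, on NULL */

    *faulted = simulated_null_deref;
    return ret;
}

/* Hardened flow: the page is released at exactly one site, after the loop,
 * and that site is guarded so a pointer cleared by any loop exit path can
 * never be put twice. */
static int read_flow_fixed(struct page *newpage, bool already_present,
                           bool *faulted)
{
    int ret = 0;

    simulated_null_deref = false;
    for (int i = 0; i < 1; i++) {
        ret = add_to_cache(newpage, already_present);
        if (ret == -EEXIST)
            break;                          /* keep newpage live for cleanup */
    }
    if (newpage && ret == -EEXIST) {        /* single, NULL-guarded release */
        put_page(newpage);
        newpage = NULL;
    }

    *faulted = simulated_null_deref;
    return ret;
}

int main(void)
{
    struct page a = { 1 }, b = { 1 };
    bool faulted;

    read_flow_buggy(&a, true, &faulted);
    printf("buggy flow: refcount=%d null-deref=%s\n",
           a.refcount, faulted ? "yes" : "no");

    read_flow_fixed(&b, true, &faulted);
    printf("fixed flow: refcount=%d null-deref=%s\n",
           b.refcount, faulted ? "yes" : "no");
    return 0;
}
```

Running the model shows why the two fixes must not coexist: each one on its own releases the page once, but stacking the in-loop release on top of the post-loop one turns a leak fix into a NULL dereference on the -EEXIST path. The refcount reaching 0 in both flows confirms that the guarded single-site release still fixes the leak.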