ACK: [SRU][F]PATCH 0/1] CVE-2021-47119

Manuel Diewald manuel.diewald at canonical.com
Fri Feb 14 14:30:35 UTC 2025 

On Fri, Feb 14, 2025 at 01:50:37PM +0000, Andrei Gherzan wrote:
> [Impact]
> 
> ext4: fix memory leak in ext4_fill_super
> 
> Buffer head references must be released before calling kill_bdev();
> otherwise the buffer head (and its page referenced by b_data) will not
> be freed by kill_bdev, and subsequently that bh will be leaked.
> 
> If blocksizes differ, sb_set_blocksize() will kill current buffers and
> page cache by using kill_bdev(). And then super block will be reread
> again but using correct blocksize this time. sb_set_blocksize() didn't
> fully free superblock page and buffer head, and being busy, they were
> not freed and instead leaked.
> 
> This can easily be reproduced by calling an infinite loop of:
> 
>   systemctl start <ext4_on_lvm>.mount, and
>   systemctl stop <ext4_on_lvm>.mount
> 
> ... since systemd creates a cgroup for each slice which it mounts, and
> the bh leak get amplified by a dying memory cgroup that also never
> gets freed, and memory consumption is much more easily noticed.
> 
> [Backport]
> 
> oracular: Not affected
> noble:    Not affected
> jammy:    Not affected
> focal:    Fix had to be backported due to fcrypt support for
>           test_dummy_encryption=v2 introduced in 5.8.
> bionic:	  Fix sent to the ESM mailing list.
> xenial:	  Fix sent to the ESM mailing list.
> trusty:	  Fix sent to the ESM mailing list.
> 
> 
> [Test Case]
> 
> * Compiled the kernels with the fix.
> * Booted the packages with the fix.
> * Exercised with a series of ext4 mounts and umounts.
> 
> [Where problems could occur]
> 
> Issues might appear in the ext4 filesystem.
> 
> Alexey Makhalov (1):
>   ext4: fix memory leak in ext4_fill_super
> 
>  fs/ext4/super.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> -- 
> 2.43.0
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Manuel Diewald <manuel.diewald at canonical.com>

-- 
 Manuel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250214/0453e2c5/attachment.sig>

More information about the kernel-team mailing list