** Description changed:

  [Impact]
  
  "UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file
  while vmscan is active" has been applied to fix a page leaking issue.
  
  However a slightly different fix has been applied upstream:
  
  9a24ce5b66f9c8190d63b15f4473600db4935f1f cachefiles: Fix page leak in
  cachefiles_read_backing_file while vmscan is active
  
  Basically we are fixing the same issue in two different ways at the same
  time, but even worse our patch an introduce a potential NULL pointer
  dereference: we do a put_page(newpage) and set newpage = NULL in the
  main for() loop and then we may do additional put_page(newpage) after
  the main for loop if ret == -EEXIST, that would trigger the NULL pointer
  dereference.
  
  [Test case]
  
  No test case or reproducer is available at the moment, this issue has
  been found simply by reviewing the code.
  
  [Fix]
  
  Drop the SAUCE patch and rely on the upstream fix.
  
  [Regression potential]
  
- If the analysis is not correct we may re-introduce a page leak in 
+ If the analysis is not correct we may re-introduce a page leak in
  cachefiles (NFS for example), but it seems unlikely to happen, since the 
upstream fix is addressing the page leaking already.
- I think we should really drop this SAUCE patch from all the kernels that are 
applying the upstream fix already (9a24ce5b66f9c8190d63b15f4473600db4935f1f).

https://bugs.launchpad.net/bugs/1947709

Title:
  Drop "UBUNTU: SAUCE: cachefiles: Page leaking in
  cachefiles_read_backing_file while vmscan is active"

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Focal:
  Incomplete
Status in linux source package in Hirsute:
  Incomplete
Status in linux source package in Impish:
  Incomplete
Status in linux source package in Jammy:
  Incomplete

Bug description:
  [Impact]

  "UBUNTU: SAUCE: cachefiles: Page leaking in
  cachefiles_read_backing_file while vmscan is active" has been applied
  to fix a page leaking issue.

  However a slightly different fix has been applied upstream:

  9a24ce5b66f9c8190d63b15f4473600db4935f1f cachefiles: Fix page leak in
  cachefiles_read_backing_file while vmscan is active

  Basically we are fixing the same issue in two different ways at the
  same time, but even worse our patch can introduce a potential NULL
  pointer dereference: we do a put_page(newpage) and set newpage = NULL
  in the main for() loop and then we may do additional put_page(newpage)
  after the main for loop if ret == -EEXIST, that would trigger the NULL
  pointer dereference.

  [Test case]

  No test case or reproducer is available at the moment, this issue has
  been found simply by reviewing the code.

  [Fix]

  Drop the SAUCE patch and rely on the upstream fix.

  [Regression potential]

  If the analysis is not correct we may re-introduce a page leak in
  cachefiles (NFS for example), but it seems unlikely to happen, since the
  upstream fix is addressing the page leaking already.

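Added example (not from the bug report or the kernel source): a userspace C model of the cleanup pattern the description reports, a release plus newpage = NULL inside the loop followed by a second release after the loop when ret == -EEXIST. struct page, put_page_model(), read_backing_model() and the result sequence are constructed stand-ins, and the NULL case is counted rather than dereferenced.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct page { int refs; };          /* stand-in: only a reference count */
static int null_puts;               /* releases that were handed NULL */

/* Models put_page(): a NULL argument is counted here instead of being
 * dereferenced, marking where the reported NULL dereference would occur. */
static void put_page_model(struct page *p)
{
    if (!p) { null_puts++; return; }
    p->refs--;
}

/* Hypothetical loop shaped like the description. extra_release selects
 * whether the second, post-loop release on -EEXIST is present. */
static int read_backing_model(struct page *spare, int extra_release)
{
    static const int results[] = { 0, 0, -EEXIST };  /* constructed */
    struct page *newpage = spare;
    int ret = 0;
    for (size_t i = 0; i < sizeof(results) / sizeof(results[0]); i++) {
        ret = results[i];
        if (ret == -EEXIST) {
            put_page_model(newpage);    /* release inside the loop */
            newpage = NULL;
            break;
        }
    }
    if (extra_release && ret == -EEXIST)
        put_page_model(newpage);        /* newpage is NULL by now */
    return ret;
}

/* Runs one scenario; returns the NULL-release count, stores final refs. */
static int run_model(int extra_release, int *refs_left)
{
    struct page pg = { .refs = 1 };
    null_puts = 0;
    read_backing_model(&pg, extra_release);
    *refs_left = pg.refs;
    return null_puts;
}

int main(void)
{
    int refs, n = run_model(1, &refs);
    printf("post-loop release present: %d NULL put(s), refs %d\n", n, refs);
    return 0;
}
```

In the model the page reference is already balanced by the in-loop release, so removing the post-loop release leaves no leak and no NULL release.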