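Vulnerability Title
mm: zswap: fix missing folio cleanup in writeback race path
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix missing folio cleanup in writeback race path
In zswap_writeback_entry(), after getting a folio from __read_swap_cache_async(), we take the tree lock again to check that the swap entry was not invalidated and recycled. If it was, we delete the folio that was just added to the swap cache and exit.
However, __read_swap_cache_async() returns the folio locked when it is newly allocated, which is always the case for this path, and the folio is also referenced. Make sure to unlock and release the folio before returning.
This was found by code review, probably because the race condition handled by this path should not occur often, and the bug does not crash the system; it only strands the folio indefinitely.
CVSS Information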
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Category
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
Vulnerability Title
mm: zswap: fix missing folio cleanup in writeback race path
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix missing folio cleanup in writeback race path
In zswap_writeback_entry(), after we get a folio from
__read_swap_cache_async(), we grab the tree lock again to check that the
swap entry was not invalidated and recycled. If it was, we delete the
folio we just added to the swap cache and exit.
However, __read_swap_cache_async() returns the folio locked when it is
newly allocated, which is always true for this path, and the folio is
ref'd. Make sure to unlock and put the folio before returning.
This was discovered by code inspection, probably because this path handles
a race condition that should not happen often, and the bug would not crash
the system, it will only strand the folio indefinitely.
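The cleanup gap described above, as an added userspace model (not kernel code and not part of the original record). The struct, the model_ functions, the reference counts and the error code are assumptions made for illustration; only the locked-and-referenced return state and the unlock/put requirement come from the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model (constructed): only the folio state the bug concerns. */
struct folio_model {
    int  refcount;        /* references held on the folio */
    bool locked;          /* folio lock held */
    bool in_swap_cache;
};

/* Models the new-allocation return of __read_swap_cache_async(). */
static void model_read_swap_cache(struct folio_model *f) {
    f->refcount = 2;      /* assumption: one caller ref + one cache ref */
    f->locked = true;
    f->in_swap_cache = true;
}

/* Models removing the folio from the swap cache (drops the cache ref). */
static void model_delete_from_swap_cache(struct folio_model *f) {
    f->in_swap_cache = false;
    f->refcount--;
}

/* Race path: the swap entry was invalidated and recycled after the read. */
static int model_writeback_race(struct folio_model *f, bool with_fix) {
    model_read_swap_cache(f);
    model_delete_from_swap_cache(f);
    if (with_fix) {
        f->locked = false;   /* unlock the folio */
        f->refcount--;       /* put the caller's reference */
    }
    return -1;               /* placeholder error code for the model */
}

/* Stranded: still locked or still referenced after the error return. */
static bool folio_stranded(const struct folio_model *f) {
    return f->locked || f->refcount > 0;
}

int main(void) {
    struct folio_model before = {0}, after = {0};
    model_writeback_race(&before, false);
    model_writeback_race(&after, true);
    printf("stranded without cleanup: %d, with cleanup: %d\n",
           folio_stranded(&before), folio_stranded(&after));
    return 0;
}
```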
CVSS Information
N/A
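Vulnerability Category
N/A
Vulnerability Title
Linux kernel security vulnerability
Vulnerability Description
The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel has a security vulnerability that stems from missing folio cleanup in the writeback race path.
CVSS Information
N/A
Vulnerability Category
Other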