A recently resolved Linux kernel vulnerability, tracked as CVE-2021-47011, concerns the kernel's memory management subsystem, specifically the 'mm: memcontrol: slab' component. The patch series "Use obj_cgroup APIs to charge kmem pages", v5, resolves the issue.

The vulnerability stems from certain objects still being charged as kernel memory (kmem) pages rather than through the new obj_cgroup APIs. A kmem page charged that way holds a direct reference to its memory cgroup, so the reference could remain held even after the cgroup had been removed.

One example is the kernel stack, which can be charged as kmem pages because its size can be greater than two pages. If a thread was moved from one memory cgroup to another, the original memory cgroup could remain pinned in memory even after it had been removed, which is exactly the kind of dangling reference that causes problems in kernel memory management.

The patch series resolves the issue by letting kmem pages drop their direct reference to the memory cgroup and go through the obj_cgroup APIs instead. With the fix applied, the number of dying cgroups no longer increases when the test script referred to in the patch description is run.

The following call trace, a portion of the patch description, shows the path on which a memory cgroup that is already being freed gets its reference count bumped again:

  rcu_read_lock()
  memcg = obj_cgroup_memcg(old)
  __memcg_kmem_uncharge(memcg)
      refill_stock(memcg)
          if (stock->cached != memcg)
              // css_get can change the ref counter from 0 back to 1.
              css_get(&memcg->css)
  rcu_read_unlock()

This fix is very similar to commit eefbfa7fd678 ("mm: memcg/slab: fix use after free in obj_cgroup_charge"), which likewise required holding a reference to the memcg before passing it to the __memcg_kmem_uncharge() function.
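To make the ordering in that trace concrete, here is an added user-space model (constructed for this page, not kernel code): an unconditional css_get() takes a reference count from 0 back to 1 on a memcg that is already being released, while the fixed pattern obtains a reference with a css_tryget()-style retry loop before uncharging, so it lands on the live parent instead. The function names mirror the kernel's, but their bodies, the reparenting of the objcg to the parent cgroup, and the pending_objcg/cpu_relax() interleaving are simplifications assumed for this single-threaded demo.

```c
#include <stdbool.h>
#include <stddef.h>

struct memcg { int refcnt; bool released; struct memcg *parent; }; /* refcnt models the css refcount */
struct obj_cgroup { struct memcg *memcg; };                        /* repointed to parent on offline */

/* css_get() increments unconditionally: on a memcg whose count already reached 0
 * it "resurrects" the cgroup, which is the problem in the call trace above. */
static void css_get(struct memcg *m) { m->refcnt++; }
/* css_tryget() succeeds only while the count is still positive. */
static bool css_tryget(struct memcg *m) { if (m->refcnt == 0) return false; m->refcnt++; return true; }
static void css_put(struct memcg *m) { if (--m->refcnt == 0) m->released = true; }

/* Offlining side of the race: the memcg drops its last reference; moving the objcg to
 * the parent is deferred to cpu_relax() so this single-threaded model can interleave it. */
static struct obj_cgroup *pending_objcg;      /* assumed hook, stands in for the other CPU */
static void memcg_offline(struct obj_cgroup *objcg, struct memcg *m) { pending_objcg = objcg; css_put(m); }
static void cpu_relax(void) {                 /* the "other CPU" finishes the reparent */
    if (pending_objcg) { pending_objcg->memcg = pending_objcg->memcg->parent; pending_objcg = NULL; }
}

/* Fixed pattern: obtain a reference before uncharging, retrying until the objcg points
 * at a memcg that is still alive (modelled on a css_tryget() loop, simplified here). */
static struct memcg *get_mem_cgroup_from_objcg(struct obj_cgroup *objcg) {
    for (;;) {
        struct memcg *m = objcg->memcg;
        if (css_tryget(m)) return m;
        cpu_relax();                          /* memcg is dying; wait for the reparent */
    }
}

/* Buggy ordering: memcg read, cgroup died, then refill_stock()-style css_get(). Returns true if the released memcg came back. */
bool uncharge_unsafe_resurrects(void) {
    struct memcg root = {1, false, NULL}, child = {1, false, &root};
    struct obj_cgroup objcg = {&child};
    struct memcg *old = objcg.memcg;          /* read before the cgroup goes away */
    memcg_offline(&objcg, &child);            /* child: 1 -> 0, released */
    css_get(old);                             /* 0 -> 1 on released memory */
    return child.released && child.refcnt == 1;
}

/* Fixed ordering on the same interleaving: tryget on the dying child fails, the retry pins the live parent. */
bool uncharge_safe_uses_parent(void) {
    struct memcg root = {1, false, NULL}, child = {1, false, &root};
    struct obj_cgroup objcg = {&child};
    memcg_offline(&objcg, &child);
    struct memcg *m = get_mem_cgroup_from_objcg(&objcg);
    bool ok = (m == &root) && root.refcnt == 2 && child.refcnt == 0;
    css_put(m);                               /* drop the reference once uncharged */
    return ok;
}
```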

Original references

- Patch series "Use obj_cgroup APIs to charge kmem pages": Link
- Commit eefbfa7fd678 ("mm: memcg/slab: fix use after free in obj_cgroup_charge"): Link

Exploit details

Triggering this bug causes improper memory management within the Linux kernel (memory cgroups that stay pinned after removal), which shows up as performance and reliability problems. It does not directly compromise system security or leak sensitive data. Once applied, the patch series ensures that the kernel manages memory allocation correctly and no longer holds improper references when memory cgroups are removed.

In conclusion, CVE-2021-47011 is an important vulnerability that affects the Linux kernel's memory management subsystem. The patch series provided resolves the issue, allowing for proper memory allocation and management. It is recommended that users and administrators apply this patch to their systems, ensuring the continued stability and performance of their Linux environments.

Timeline

Published on: 02/28/2024 09:15:38 UTC
Last modified on: 02/28/2024 14:06:45 UTC