概要

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damon_destroy_ctx() is removed, but still call damon_new_target() and damon_new_region(), the damon_region which is allocated by kmem_cache_alloc() in damon_new_region() and the damon_target which is allocated by kmalloc in damon_new_target() are not freed. And the damon_region which is allocated in damon_new_region() in damon_set_regions() is also not freed. So use damon_destroy_target to free all the damon_regions and damon_target. unreferenced object 0xffff888107c9a940 (size 64): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff `............... backtrace: [<ffffffff817e0167&gt;] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf&gt;] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55&gt;] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c82be&gt;] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6&gt;] kthread+0x2b6/0x380 [<ffffffff81097add&gt;] ret_from_fork+0x2d/0x70 [<ffffffff81003791&gt;] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079cc740 (size 56): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492&gt;] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91&gt;] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c82be&gt;] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6&gt;] kthread+0x2b6/0x380 [<ffffffff81097add&gt;] ret_from_fork+0x2d/0x70 [<ffffffff81003791&gt;] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888107c9ac40 (size 64): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v..... backtrace: [<ffffffff817e0167&gt;] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf&gt;] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55&gt;] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c851e&gt;] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6&gt;] kthread+0x2b6/0x380 [<ffffffff81097add&gt;] ret_from_fork+0x2d/0x70 [<ffffffff81003791&gt;] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079ccc80 (size 56): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492&gt;] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91&gt;] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c851e&gt;] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a&gt;] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6&gt;] kthread+0x2b6/0x380 [<ffffffff81097add&gt;] ret_from_fork+0x2d/0x70 [<ffff ---truncated---

CVSS v3 指标

安全公告

影响产品