] cgroup_bpf_inherit+0x44/0x24c [<1f03679c>] cgroup_setup_root+0x174/0x37c [] cgroup1_get_tree+0x2c0/0x4a0 [] vfs_get_tree+0x24/0x108 [] path_mount+0x384/0x988 [] do_mount+0x64/0x9c [<208c9cfe>] sys_mount+0xfc/0x1f4 [<06dd06e0>] ret_fast_syscall+0x0/0x48 [] 0xbeb4daa8 This is because that since the commit 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref in fast path") root_cgrp->bpf.refcnt.data is allocated by the function percpu_ref_init in cgroup_bpf_inherit which is called by cgroup_setup_root when mounting, but not freed along with root_cgrp when umounting. Adding cgroup_bpf_offline which calls percpu_ref_kill to cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in umount path. This patch also fixes the commit 4bfc0bb2c60e ("bpf: decouple the lifetime of cgroup_bpf from cgroup itself"). A cgroup_bpf_offline is needed to do a cleanup that frees the resources which are allocated by cgroup_bpf_inherit in cgroup_setup_root. And inside cgroup_bpf_offline, cgroup_get() is at the beginning and cgroup_put is at the end of cgroup_bpf_release which is called by cgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of cgroup's refcount. "> ],cgroup_bpf_inherit+0x44/0x24c [<1f03679c>],cgroup_setup_root+0x174/0x37c,[] cgroup1_get_tree+0x2c0/0x4a0,[],vfs_get_tree+0x24/0x108 [],path_mount+0x384/0x988,[],do_mount+0x64/0x9c [<208c9cfe>],sys_mount+0xfc/0x1f4,[<06dd06e0>] ret_fast_syscall+0x0/0x48,[],0xbeb4daa8,This,is,because,that since,the,commit,2b0d3d3e4fcf,("percpu_ref:,reduce,memory,footprint,of percpu_ref,in,fast,path"),root_cgrp->bpf.refcnt.data,is,allocated,by the,function,percpu_ref_init,in,cgroup_bpf_inherit,which,is,called,by cgroup_setup_root,when,mounting,,but,not,freed,along,with,root_cgrp when,umounting.,Adding,cgroup_bpf_offline,which,calls,percpu_ref_kill to,cgroup_kill_sb,can,free,root_cgrp->bpf.refcnt.data,in,umount,path. This,patch,also,fixes,the,commit,4bfc0bb2c60e,("bpf:,decouple,the lifetime,of,cgroup_bpf,from,cgroup,itself").,A,cgroup_bpf_offline,is needed,to,do,a,cleanup,that,frees,the,resources,which,are,allocated,by cgroup_bpf_inherit,in,cgroup_setup_root.,And,inside cgroup_bpf_offline,,cgroup_get(),is,at,the,beginning,and,cgroup_put,is at,the,end,of,cgroup_bpf_release,which,is,called,by cgroup_bpf_offline.,So,cgroup_bpf_offline,can,keep,the,balance,of cgroup's,refcount. "> SecuritySpace - CVE-2021-47488
 
English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2021-47488
Description:In the Linux kernel, the following vulnerability has been resolved: cgroup: Fix memory leak caused by missing cgroup_bpf_offline When enabling CONFIG_CGROUP_BPF, kmemleak can be observed by running the command as below: $mount -t cgroup -o none,name=foo cgroup cgroup/ $umount cgroup/ unreferenced object 0xc3585c40 (size 64): comm "mount", pid 425, jiffies 4294959825 (age 31.990s) hex dump (first 32 bytes): 01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00 ......(......... 00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00 ........lC...... backtrace: [] cgroup_bpf_inherit+0x44/0x24c [<1f03679c>] cgroup_setup_root+0x174/0x37c [] cgroup1_get_tree+0x2c0/0x4a0 [] vfs_get_tree+0x24/0x108 [] path_mount+0x384/0x988 [] do_mount+0x64/0x9c [<208c9cfe>] sys_mount+0xfc/0x1f4 [<06dd06e0>] ret_fast_syscall+0x0/0x48 [] 0xbeb4daa8 This is because that since the commit 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref in fast path") root_cgrp->bpf.refcnt.data is allocated by the function percpu_ref_init in cgroup_bpf_inherit which is called by cgroup_setup_root when mounting, but not freed along with root_cgrp when umounting. Adding cgroup_bpf_offline which calls percpu_ref_kill to cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in umount path. This patch also fixes the commit 4bfc0bb2c60e ("bpf: decouple the lifetime of cgroup_bpf from cgroup itself"). A cgroup_bpf_offline is needed to do a cleanup that frees the resources which are allocated by cgroup_bpf_inherit in cgroup_setup_root. And inside cgroup_bpf_offline, cgroup_get() is at the beginning and cgroup_put is at the end of cgroup_bpf_release which is called by cgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of cgroup's refcount.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2021-47488
https://git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed
https://git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed
https://git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba
https://git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba
https://git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d
https://git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d



© 1998-2025 E-Soft Inc. All rights reserved.