5.5

CVE-2021-47256

mm/memory-failure: make sure wait for page writeback in memory_failure

In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: make sure wait for page writeback in memory_failure

Our syzkaller trigger the "BUG_ON(!list_empty(&inode->i_wb_list))" in
clear_inode:

  kernel BUG at fs/inode.c:519!
  Internal error: Oops - BUG: 0 [#1] SMP
  Modules linked in:
  Process syz-executor.0 (pid: 249, stack limit = 0x00000000a12409d7)
  CPU: 1 PID: 249 Comm: syz-executor.0 Not tainted 4.19.95
  Hardware name: linux,dummy-virt (DT)
  pstate: 80000005 (Nzcv daif -PAN -UAO)
  pc : clear_inode+0x280/0x2a8
  lr : clear_inode+0x280/0x2a8
  Call trace:
    clear_inode+0x280/0x2a8
    ext4_clear_inode+0x38/0xe8
    ext4_free_inode+0x130/0xc68
    ext4_evict_inode+0xb20/0xcb8
    evict+0x1a8/0x3c0
    iput+0x344/0x460
    do_unlinkat+0x260/0x410
    __arm64_sys_unlinkat+0x6c/0xc0
    el0_svc_common+0xdc/0x3b0
    el0_svc_handler+0xf8/0x160
    el0_svc+0x10/0x218
  Kernel panic - not syncing: Fatal exception

A crash dump of this problem show that someone called __munlock_pagevec
to clear page LRU without lock_page: do_mmap -> mmap_region -> do_munmap
-> munlock_vma_pages_range -> __munlock_pagevec.

As a result memory_failure will call identify_page_state without
wait_on_page_writeback.  And after truncate_error_page clear the mapping
of this page.  end_page_writeback won't call sb_clear_inode_writeback to
clear inode->i_wb_list.  That will trigger BUG_ON in clear_inode!

Fix it by checking PageWriteback too to help determine should we skip
wait_on_page_writeback.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.16 < 4.14.238
LinuxLinux Kernel Version >= 4.15 < 4.19.196
LinuxLinux Kernel Version >= 4.20 < 5.4.128
LinuxLinux Kernel Version >= 5.5 < 5.10.46
LinuxLinux Kernel Version >= 5.11 < 5.12.13
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
LinuxLinux Kernel Version5.13 Updaterc4
LinuxLinux Kernel Version5.13 Updaterc5
LinuxLinux Kernel Version5.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.139
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/28788dc5c70597395b6b451dae4549bbaa8e2c56
Patch
https://git.kernel.org/stable/c/566345aaabac853aa866f53a219c4b02a6beb527
Patch
https://git.kernel.org/stable/c/6d210d547adc2218ef8b5bcf23518c5f2f1fd872
Patch
https://git.kernel.org/stable/c/9e379da727a7a031be9b877cde7b9c34a0fb8306
Patch
https://git.kernel.org/stable/c/d05267fd27a5c4f54e06daefa3035995d765ca0c
Patch
https://git.kernel.org/stable/c/e8675d291ac007e1c636870db880f837a9ea112a
Patch