{"id":"CVE-2021-47488","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Fix memory leak caused by missing cgroup_bpf_offline\n\nWhen enabling CONFIG_CGROUP_BPF, kmemleak can be observed by running\nthe command as below:\n\n    $mount -t cgroup -o none,name=foo cgroup cgroup/\n    $umount cgroup/\n\nunreferenced object 0xc3585c40 (size 64):\n  comm \"mount\", pid 425, jiffies 4294959825 (age 31.990s)\n  hex dump (first 32 bytes):\n    01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00  ......(.........\n    00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00  ........lC......\n  backtrace:\n    [\u003ce95a2f9e\u003e] cgroup_bpf_inherit+0x44/0x24c\n    [\u003c1f03679c\u003e] cgroup_setup_root+0x174/0x37c\n    [\u003ced4b0ac5\u003e] cgroup1_get_tree+0x2c0/0x4a0\n    [\u003cf85b12fd\u003e] vfs_get_tree+0x24/0x108\n    [\u003cf55aec5c\u003e] path_mount+0x384/0x988\n    [\u003ce2d5e9cd\u003e] do_mount+0x64/0x9c\n    [\u003c208c9cfe\u003e] sys_mount+0xfc/0x1f4\n    [\u003c06dd06e0\u003e] ret_fast_syscall+0x0/0x48\n    [\u003ca8308cb3\u003e] 0xbeb4daa8\n\nThis is because that since the commit 2b0d3d3e4fcf (\"percpu_ref: reduce\nmemory footprint of percpu_ref in fast path\") root_cgrp-\u003ebpf.refcnt.data\nis allocated by the function percpu_ref_init in cgroup_bpf_inherit which\nis called by cgroup_setup_root when mounting, but not freed along with\nroot_cgrp when umounting. Adding cgroup_bpf_offline which calls\npercpu_ref_kill to cgroup_kill_sb can free root_cgrp-\u003ebpf.refcnt.data in\numount path.\n\nThis patch also fixes the commit 4bfc0bb2c60e (\"bpf: decouple the lifetime\nof cgroup_bpf from cgroup itself\"). A cgroup_bpf_offline is needed to do a\ncleanup that frees the resources which are allocated by cgroup_bpf_inherit\nin cgroup_setup_root.\n\nAnd inside cgroup_bpf_offline, cgroup_get() is at the beginning and\ncgroup_put is at the end of cgroup_bpf_release which is called by\ncgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of\ncgroup's refcount.","modified":"2024-12-05T21:54:54.259181Z","published":"2024-05-22T09:15:10Z","withdrawn":"2024-12-05T21:54:54.259181Z","related":["SUSE-SU-2024:2008-1","SUSE-SU-2024:2011-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2189-1","SUSE-SU-2024:2190-1"],"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2021-47488"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:11","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.84-1"}]}],"versions":["5.10.46-4","5.10.46-5","5.10.70-1","5.10.70-1~bpo10+1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47488.json"}},{"package":{"name":"linux","ecosystem":"Debian:12","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47488.json"}},{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47488.json"}}],"schema_version":"1.7.3"}