From: Greg Kroah-Hartman Date: Mon, 18 Dec 2023 07:39:50 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v5.15.144~27 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2beae1e33762299f0784d8a98b7b54de92859577;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: ring-buffer-fix-memory-leak-of-free-page.patch --- diff --git a/queue-5.4/ring-buffer-fix-memory-leak-of-free-page.patch b/queue-5.4/ring-buffer-fix-memory-leak-of-free-page.patch new file mode 100644 index 00000000000..d5c700d8b12 --- /dev/null +++ b/queue-5.4/ring-buffer-fix-memory-leak-of-free-page.patch 
@@ -0,0 +1,48 @@ +From 17d801758157bec93f26faaf5ff1a8b9a552d67a Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (Google)" +Date: Sun, 10 Dec 2023 22:12:50 -0500 +Subject: ring-buffer: Fix memory leak of free page + +From: Steven Rostedt (Google) + +commit 17d801758157bec93f26faaf5ff1a8b9a552d67a upstream. + +Reading the ring buffer does a swap of a sub-buffer within the ring buffer +with a empty sub-buffer. This allows the reader to have full access to the +content of the sub-buffer that was swapped out without having to worry +about contention with the writer. + +The readers call ring_buffer_alloc_read_page() to allocate a page that +will be used to swap with the ring buffer. When the code is finished with +the reader page, it calls ring_buffer_free_read_page(). Instead of freeing +the page, it stores it as a spare. Then next call to +ring_buffer_alloc_read_page() will return this spare instead of calling +into the memory management system to allocate a new page. + +Unfortunately, on freeing of the ring buffer, this spare page is not +freed, and causes a memory leak. + +Link: https://lore.kernel.org/linux-trace-kernel/20231210221250.7b9cc83c@rorschach.local.home + +Cc: stable@vger.kernel.org +Cc: Mark Rutland +Cc: Mathieu Desnoyers +Fixes: 73a757e63114d ("ring-buffer: Return reader page back into existing ring buffer") +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/ring_buffer.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -1414,6 +1414,8 @@ static void rb_free_cpu_buffer(struct ri + free_buffer_page(bpage); + } + ++ free_page((unsigned long)cpu_buffer->free_page); ++ + kfree(cpu_buffer); + } + diff --git a/queue-5.4/series b/queue-5.4/series index 37f460ecba3..1a03bdab942 100644 --- a/queue-5.4/series +++ b/queue-5.4/series 
@@ -34,3 +34,4 @@ soundwire-stream-fix-null-pointer-dereference-for-multi_link.patch ext4-prevent-the-normalized-size-from-exceeding-ext_max_blocks.patch arm64-mm-always-make-sw-dirty-ptes-hw-dirty-in-pte_modify.patch team-fix-use-after-free-when-an-option-instance-allocation-fails.patch +ring-buffer-fix-memory-leak-of-free-page.patch
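Review bot: In the rb_free_cpu_buffer() hunk of the queued patch, the added `free_page((unsigned long)cpu_buffer->free_page);` is called unconditionally, so it depends on free_page() accepting a zero address when no spare page was ever stored. That is safe, because free_pages() does nothing for address 0, but a one-line comment above the call noting that the spare may be NULL would save the next reader from checking. The placement is right: the spare is released after the loop that calls `free_buffer_page(bpage)` and before `kfree(cpu_buffer)`, while the pointer is still valid. Two things to confirm for the 5.4 queue, neither of which is visible in these lines: that the commit named in the Fixes: tag (73a757e63114d) is present in the 5.4 tree, so the free_page member exists there, and that no reader can still hand a page back through ring_buffer_free_read_page() once rb_free_cpu_buffer() has started, since a spare stored after this call would leak again.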