CVE-2024-41023

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sched/deadline: Fix task_struct reference leak<br /> <br /> During the execution of the following stress test with linux-rt:<br /> <br /> stress-ng --cyclic 30 --timeout 30 --minimize --quiet<br /> <br /> kmemleak frequently reported a memory leak concerning the task_struct:<br /> <br /> unreferenced object 0xffff8881305b8000 (size 16136):<br /> comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s)<br /> object hex dump (first 32 bytes):<br /> 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............<br /> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> debug hex dump (first 16 bytes):<br /> 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............<br /> backtrace:<br /> [] dup_task_struct+0x30/0x540<br /> [] copy_process+0x3d9/0x50e0<br /> [] kernel_clone+0xb0/0x770<br /> [] __do_sys_clone+0xb6/0xf0<br /> [] do_syscall_64+0x5d/0xf0<br /> [] entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> <br /> The issue occurs in start_dl_timer(), which increments the task_struct<br /> reference count and sets a timer. The timer callback, dl_task_timer,<br /> is supposed to decrement the reference count upon expiration. However,<br /> if enqueue_task_dl() is called before the timer expires and cancels it,<br /> the reference count is not decremented, leading to the leak.<br /> <br /> This patch fixes the reference leak by ensuring the task_struct<br /> reference count is properly decremented when the timer is canceled.