The vulnerability, identified as CVE-2021-47254, is a use-after-free issue in the `gfs2_glock_shrink_scan` path of the Linux kernel. The `GLF_LRU` flag is checked under `lru_lock` in `gfs2_glock_remove_from_lru()` to decide whether `__gfs2_glock_put()` must remove the glock from the LRU list. On the shrink scan path, the same flag is cleared under `lru_lock` while the glock is moved to the scan's private dispose list, but `cond_resched_lock(&lru_lock)` in `gfs2_dispose_glock_lru()` opens a race window in which the put side can make progress. Because the flag is already clear, the put side does not unlink the glock, so it can be freed while still linked on the dispose list that the shrinker goes on to traverse.

To fix this issue, the patch keeps the `GLF_LRU` flag set across the race window opened by `cond_resched_lock(&lru_lock)`, so that both sides agree on whether the glock is still linked: the flag is cleared only after `list_del` under `lru_lock`.

This vulnerability has been fixed in various Linux kernel versions, including 4.4.274, 4.9.274, 4.14.238, 4.19.196, 5.4.127, 5.10.45, 5.12.12, and 5.13. The affected file is `fs/gfs2/glock.c`. Users are recommended to update to the latest stable kernel version to obtain this fix along with other bugfixes.

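The interleaving described above, as an added example in C that is not part of the kernel source or of this advisory. It is a toy model: the list helpers stand in for the kernel's `list_head` API, the `glock` struct carries only the flag and list fields, and `run_scenario()` steps through the scan, the `cond_resched_lock` window and a concurrent put, once with the pre-fix flag handling and once with the fix. Only `GLF_LRU`, `gl_lru` and `gl_flags` are real kernel names; everything else (`remove_from_lru`, `scan_glock_lru`, the `freed` marker) is constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for the kernel's list_head helpers (constructed). */
struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->next = head; n->prev = head->prev;
    head->prev->next = n; head->prev = n;
}
/* list_del unlinks from whichever list the node currently sits in. */
static void list_del_init(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    list_init(n);
}
#define list_first_glock(head) \
    ((struct glock *)((char *)(head)->next - offsetof(struct glock, gl_lru)))

/* Toy glock carrying only the fields the race involves. */
#define GLF_LRU 1u
struct glock {
    struct list_head gl_lru;
    unsigned int gl_flags;
    bool freed;   /* constructed: models the object having been freed by the put side */
};

static struct list_head lru_list;   /* lru_lock is implied: the steps below run serially */

/* Put side, modelled on gfs2_glock_remove_from_lru(): only unlink if the flag says we are linked. */
static void remove_from_lru(struct glock *gl)
{
    if (gl->gl_flags & GLF_LRU) {
        gl->gl_flags &= ~GLF_LRU;
        list_del_init(&gl->gl_lru);
    }
}

/* Scan side, modelled on gfs2_scan_glock_lru(): move glocks to a private dispose list. */
static void scan_glock_lru(struct list_head *dispose, bool fixed)
{
    while (!list_empty(&lru_list)) {
        struct glock *gl = list_first_glock(&lru_list);
        list_del_init(&gl->gl_lru);
        list_add_tail(&gl->gl_lru, dispose);
        if (!fixed)
            gl->gl_flags &= ~GLF_LRU;   /* pre-fix: flag dropped while still on the dispose list */
    }
}

/*
 * One interleaving of the race. Returns true when the dispose loop goes on to
 * touch a glock that the put side has already freed (the use-after-free).
 */
static bool run_scenario(bool fixed)
{
    struct glock a = { .gl_flags = GLF_LRU }, b = { .gl_flags = GLF_LRU };
    struct list_head dispose;

    list_init(&lru_list);
    list_init(&dispose);
    list_init(&a.gl_lru);
    list_init(&b.gl_lru);
    list_add_tail(&a.gl_lru, &lru_list);
    list_add_tail(&b.gl_lru, &lru_list);

    scan_glock_lru(&dispose, fixed);

    /* gfs2_dispose_glock_lru(): the first iteration handles a ... */
    struct glock *gl = list_first_glock(&dispose);
    list_del_init(&gl->gl_lru);
    if (fixed)
        gl->gl_flags &= ~GLF_LRU;   /* fix: clear only after list_del, under lru_lock */

    /* ... then cond_resched_lock(&lru_lock) opens the window; the put side runs on b. */
    remove_from_lru(&b);
    b.freed = true;                 /* __gfs2_glock_put() frees b */

    /* The dispose loop resumes and takes the next entry, if one is still linked. */
    if (list_empty(&dispose))
        return false;
    gl = list_first_glock(&dispose);
    return gl->freed;
}

int main(void)
{
    printf("pre-fix interleaving: %s\n", run_scenario(false) ? "use-after-free" : "ok");
    printf("fixed interleaving:   %s\n", run_scenario(true) ? "use-after-free" : "ok");
    return 0;
}
```

With the pre-fix handling, `b` loses `GLF_LRU` when it is moved to the dispose list, so the concurrent put leaves it linked and the resumed loop dereferences a freed object. With the fix, the flag survives until the dispose loop has itself done `list_del`, so the put side unlinks `b` from the dispose list and the loop finds nothing left to touch.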