CVE-2022-50771

Summary

In the Linux kernel, the following vulnerability has been resolved:

rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()

Running rcutorture with non-zero fqs_duration module parameter in a kernel built with CONFIG_PREEMPTION=y results in the following splat:

BUG: using __this_cpu_read() in preemptible [00000000] code: rcu_torture_fqs/398 caller is __this_cpu_preempt_check+0x13/0x20 CPU: 3 PID: 398 Comm: rcu_torture_fqs Not tainted 6.0.0-rc1-yoctodev-standard+ Call Trace: <TASK> dump_stack_lvl+0x5b/0x86 dump_stack+0x10/0x16 check_preemption_disabled+0xe5/0xf0 __this_cpu_preempt_check+0x13/0x20 rcu_force_quiescent_state.part.0+0x1c/0x170 rcu_force_quiescent_state+0x1e/0x30 rcu_torture_fqs+0xca/0x160 ? rcu_torture_boost+0x430/0x430 kthread+0x192/0x1d0 ? kthread_complete_and_exit+0x30/0x30 ret_from_fork+0x22/0x30 </TASK>

The problem is that rcu_force_quiescent_state() uses __this_cpu_read() in preemptible code instead of the proper raw_cpu_read(). This commit therefore changes __this_cpu_read() to raw_cpu_read().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd860d40327dde251d508a234fa00bd0d90fbb656 < 3d92527a919edd1aa381bdd6c299dd75a8167396affected
LinuxLinuxd860d40327dde251d508a234fa00bd0d90fbb656 < 5a52380b8193cf8be6c4a6b94b86ef64ed80c0dcaffected
LinuxLinuxd860d40327dde251d508a234fa00bd0d90fbb656 < 98a5b1265a36e9d843a51ddd6c9fa02da50d2c57affected
LinuxLinuxd860d40327dde251d508a234fa00bd0d90fbb656 < a74af9b937707b42c3fd041aae1ed4ce2f337307affected
LinuxLinuxd860d40327dde251d508a234fa00bd0d90fbb656 < 80a3e7ab477b3655615fc1627c88c248d4ad28d9affected
LinuxLinuxd860d40327dde251d508a234fa00bd0d90fbb656 < ceb1c8c9b8aa9199da46a0f29d2d5f08d9b44c15affected
LinuxLinux3.17affected
LinuxLinux0 < 3.17unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References