CVE-2022-50771
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
Running rcutorture with non-zero fqs_duration module parameter in a kernel built with CONFIG_PREEMPTION=y results in the following splat:
BUG: using __this_cpu_read() in preemptible [00000000] code: rcu_torture_fqs/398 caller is __this_cpu_preempt_check+0x13/0x20 CPU: 3 PID: 398 Comm: rcu_torture_fqs Not tainted 6.0.0-rc1-yoctodev-standard+ Call Trace: <TASK> dump_stack_lvl+0x5b/0x86 dump_stack+0x10/0x16 check_preemption_disabled+0xe5/0xf0 __this_cpu_preempt_check+0x13/0x20 rcu_force_quiescent_state.part.0+0x1c/0x170 rcu_force_quiescent_state+0x1e/0x30 rcu_torture_fqs+0xca/0x160 ? rcu_torture_boost+0x430/0x430 kthread+0x192/0x1d0 ? kthread_complete_and_exit+0x30/0x30 ret_from_fork+0x22/0x30 </TASK>
The problem is that rcu_force_quiescent_state() uses __this_cpu_read() in preemptible code instead of the proper raw_cpu_read(). This commit therefore changes __this_cpu_read() to raw_cpu_read().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d860d40327dde251d508a234fa00bd0d90fbb656 < 3d92527a919edd1aa381bdd6c299dd75a8167396 | affected |
| Linux | Linux | d860d40327dde251d508a234fa00bd0d90fbb656 < 5a52380b8193cf8be6c4a6b94b86ef64ed80c0dc | affected |
| Linux | Linux | d860d40327dde251d508a234fa00bd0d90fbb656 < 98a5b1265a36e9d843a51ddd6c9fa02da50d2c57 | affected |
| Linux | Linux | d860d40327dde251d508a234fa00bd0d90fbb656 < a74af9b937707b42c3fd041aae1ed4ce2f337307 | affected |
| Linux | Linux | d860d40327dde251d508a234fa00bd0d90fbb656 < 80a3e7ab477b3655615fc1627c88c248d4ad28d9 | affected |
| Linux | Linux | d860d40327dde251d508a234fa00bd0d90fbb656 < ceb1c8c9b8aa9199da46a0f29d2d5f08d9b44c15 | affected |
| Linux | Linux | 3.17 | affected |
| Linux | Linux | 0 < 3.17 | unaffected |
| Linux | Linux | 5.4.229 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.163 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.86 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.16 <= 6.0.* | unaffected |
| Linux | Linux | 6.1.2 <= 6.1.* | unaffected |
| Linux | Linux | 6.2 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/3d92527a919edd1aa381bdd6c299dd75a8167396
- https://git.kernel.org/stable/c/5a52380b8193cf8be6c4a6b94b86ef64ed80c0dc
- https://git.kernel.org/stable/c/98a5b1265a36e9d843a51ddd6c9fa02da50d2c57
- https://git.kernel.org/stable/c/a74af9b937707b42c3fd041aae1ed4ce2f337307
- https://git.kernel.org/stable/c/80a3e7ab477b3655615fc1627c88c248d4ad28d9
- https://git.kernel.org/stable/c/ceb1c8c9b8aa9199da46a0f29d2d5f08d9b44c15
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.