CVE-2024-35929
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:
CPU2 CPU11
kthread rcu_nocb_cb_kthread ksys_write rcu_do_batch vfs_write rcu_torture_timer_cb proc_sys_write __kmem_cache_free proc_sys_call_handler kmemleak_free drop_caches_sysctl_handler delete_object_full drop_slab __delete_object shrink_slab put_object lazy_rcu_shrink_scan call_rcu rcu_nocb_flush_bypass _call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended); rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) | | _ _ _ _ _ _ _ _ same rdp and rdp->cpu != 11 _ _ _ _ _ _ _ _ __|
Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".
This commit therefore uses rcu_nocb_try_flush_bypass() instead of rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass queue is being flushed, then rcu_nocb_try_flush_bypass will return directly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7625926086765123251f765d91fc3a70617d334d < 4d58c9fb45c70e62c19e8be3f3605889c47601bc | affected |
| Linux | Linux | 7625926086765123251f765d91fc3a70617d334d < 927d1f4f77e4784ab3944a9df86ab14d1cd3185a | affected |
| Linux | Linux | 7625926086765123251f765d91fc3a70617d334d < dda98810b552fc6bf650f4270edeebdc2f28bd3f | affected |
| Linux | Linux | 6.5 | affected |
| Linux | Linux | 0 < 6.5 | unaffected |
| Linux | Linux | 6.6.27 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.6 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc
- https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a
- https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f
References
- https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc
- https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a
- https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.