CVE-2024-50199

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm/swapfile: skip HugeTLB pages for unuse_vma

I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps:

  1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory.
  2. Swapout the above anonymous memory.
  3. run swapoff and we will get a bad pud error in kernel message:

mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7)

We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < ba7f982cdb37ff5a7739dec85d7325ea66fc1496affected
LinuxLinux0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < 417d5838ca73c6331ae2fe692fab6c25c00d9a0baffected
LinuxLinux0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < e41710f5a61aca9d6baaa8f53908a927dd9e7aa7affected
LinuxLinux0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < 6ec0fe3756f941f42f8c57156b8bdf2877b2ebafaffected
LinuxLinux0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < bed2b9037806c62166a0ef9a559a1e7e3e1275b8affected
LinuxLinux0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < eb66a833cdd2f7302ee05d05e0fa12a2ca32eb87affected
LinuxLinux0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < 7528c4fb1237512ee18049f852f014eba80bbe8daffected
LinuxLinux2.6.36affected
LinuxLinux0 < 2.6.36unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.228 <= 5.10.*unaffected
LinuxLinux5.15.169 <= 5.15.*unaffected
LinuxLinux6.1.114 <= 6.1.*unaffected
LinuxLinux6.6.58 <= 6.6.*unaffected
LinuxLinux6.11.5 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References