{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[] dump_backtrace+0x1c/0x24\n[] show_stack+0x2c/0x38\n[] dump_stack_lvl+0x5a/0x72\n[] dump_stack+0x14/0x1c\n[] __might_resched+0x104/0x10e\n[] __might_sleep+0x3e/0x62\n[] down_write+0x20/0x72\n[] __set_memory+0x82/0x2fa\n[] __kernel_map_pages+0x5a/0xd4\n[] __alloc_pages_bulk+0x3b2/0x43a\n[] __vmalloc_node_range+0x196/0x6ba\n[] copy_process+0x72c/0x17ec\n[] kernel_clone+0x60/0x2fe\n[] kernel_thread+0x82/0xa0\n[] kthreadd+0x14a/0x1be\n[] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "arch/riscv/mm/pageattr.c" ], "versions": [ { "version": "5fde3db5eb02", "lessThan": "919f8626099d", "status": "affected", "versionType": "git" }, { "version": "5fde3db5eb02", "lessThan": "8661a7af0499", "status": "affected", "versionType": "git" }, { "version": "5fde3db5eb02", "lessThan": "d5257ceb19d9", "status": "affected", "versionType": "git" }, { "version": "5fde3db5eb02", "lessThan": "fb1cf0878328", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "arch/riscv/mm/pageattr.c" ], "versions": [ { "version": "5.7", "status": "affected" }, { "version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "custom" }, { "version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/919f8626099d9909b9a9620b05e8c8ab06581876" }, { "url": "https://git.kernel.org/stable/c/8661a7af04991201640863ad1a0983173f84b5eb" }, { "url": "https://git.kernel.org/stable/c/d5257ceb19d92069195254866421f425aea42915" }, { "url": "https://git.kernel.org/stable/c/fb1cf0878328fe75d47f0aed0a65b30126fcefc4" } ], "title": "riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context", "x_generator": { "engine": "bippy-c9c4e1df01b2" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2024-40915", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }