In the Linux kernel, the following vulnerability has been resolved:

page_pool: avoid infinite loop to schedule delayed worker

We noticed the kworker in page_pool_release_retry() was woken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1].

Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally.

This patch mitigates the adverse effect by not rescheduling the kworker when detecting the inflight negative in page_pool_release_retry().

[1]

    [Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------
    [Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages
    ...
    [Mon Feb 10 20:36:11 2025] Call Trace:
    [Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70
    [Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370
    [Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0
    [Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140
    [Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370
    [Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40
    [Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40
    [Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---

Note: before this patch, the above calltrace would flood the dmesg due to repeated reschedule of release_dw kworker.
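A log check for the condition described above, as an added example that is not part of the kernel commit or of this page's source: it counts the `Negative(N) inflight packet-pages` warnings whose call trace includes `page_pool_release_retry`, which is the repeated splat the note says floods dmesg before the patch. The sample lines are constructed from the trace quoted above, and the function names and the flood threshold of 3 are assumptions.

```python
import re

# Patterns taken from the warning and call trace quoted in the description.
NEG_RE = re.compile(r"Negative\((-?\d+)\) inflight packet-pages")
RETRY_RE = re.compile(r"\bpage_pool_release_retry\+0x[0-9a-f]+/0x[0-9a-f]+")
END_RE = re.compile(r"---\[ end trace [0-9a-f]+ \]---")


def scan(lines, flood_threshold=3):
    """Summarise negative-inflight page_pool warnings in kernel log lines."""
    values, retry_hits = [], 0
    in_splat = counted = False
    for line in lines:
        m = NEG_RE.search(line)
        if m:  # start of a new warning splat
            values.append(int(m.group(1)))
            in_splat, counted = True, False
        elif in_splat:
            if not counted and RETRY_RE.search(line):
                retry_hits += 1  # warning came from the release retry worker
                counted = True
            if END_RE.search(line):
                in_splat = False
    return {
        "warnings": len(values),
        "from_release_retry": retry_hits,
        "lowest_inflight": min(values) if values else None,
        # flood_threshold is an assumed cut-off, not a value from the page
        "flooding": retry_hits >= flood_threshold,
    }


def make_splat(ts, inflight):
    """Constructed sample splat following the layout of the trace quoted above."""
    return [
        f"[{ts}] ------------[ cut here ]------------",
        f"[{ts}] Negative({inflight}) inflight packet-pages",
        f"[{ts}] Call Trace:",
        f"[{ts}] page_pool_release_retry+0x23/0x70",
        f"[{ts}] process_one_work+0x1b1/0x370",
        f"[{ts}] ---[ end trace ebffe800f33e7e34 ]---",
    ]


# Constructed input: three repeats of the warning plus one unrelated line.
SAMPLE = (make_splat("Mon Feb 10 20:36:11 2025", -51446)
          + ["[Mon Feb 10 20:36:12 2025] eth0: link up (constructed line)"]
          + make_splat("Mon Feb 10 20:36:12 2025", -51446)
          + make_splat("Mon Feb 10 20:36:13 2025", -51446))

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Feed it the lines of a saved kernel log; a single warning points at the buggy driver accounting, while a count at or above the threshold matches the repeated rescheduling described in the note.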
No PoCs from references.
- https://github.com/w4zu/Debian_security