Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:mm: slub: avoid wake up kswapd in set_track_prepareset_track_prepare() can incur lock recursion.The issue is that it is called from hrtimer_start_range_nsholding the per_cpu(hrtimer_bases)[n].lock, but when enabledCONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare,and try to hold the per_cpu(hrtimer_bases)[n].lock.Avoid deadlock caused by implicitly waking up kswapd by passing inallocation flags, which do not contain __GFP_KSWAPD_RECLAIM in thedebug_objects_fill_pool() case. Inside stack depot they are processed bygfp_nested_mask().Since ___slab_alloc() has preemption disabled, we mask out__GFP_DIRECT_RECLAIM from the flags there.The oops looks something like:BUG: spinlock recursion on CPU#3, swapper/3/0 lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT)Call trace:spin_bug+0x0_raw_spin_lock_irqsave+0x80hrtimer_try_to_cancel+0x94task_contending+0x10cenqueue_dl_entity+0x2a4dl_server_start+0x74enqueue_task_fair+0x568enqueue_task+0xacdo_activate_task+0x14cttwu_do_activate+0xcctry_to_wake_up+0x6c8default_wake_function+0x20autoremove_wake_function+0x1c__wake_up+0xacwakeup_kswapd+0x19cwake_all_kswapds+0x78__alloc_pages_slowpath+0x1ac__alloc_pages_noprof+0x298stack_depot_save_flags+0x6b0stack_depot_save+0x14set_track_prepare+0x5c___slab_alloc+0xccc__kmalloc_cache_noprof+0x470__set_page_owner+0x2bcpost_alloc_hook[jt]+0x1b8prep_new_page+0x28get_page_from_freelist+0x1edc__alloc_pages_noprof+0x13calloc_slab_page+0x244allocate_slab+0x7c___slab_alloc+0x8e8kmem_cache_alloc_noprof+0x450debug_objects_fill_pool+0x22cdebug_object_activate+0x40enqueue_hrtimer[jt]+0xdchrtimer_start_range_ns+0x5f8...
No PoCs from references.
- https://github.com/w4zu/Debian_security