CWE: 667

CVE-2024-26987: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled

First published: Wed May 01 2024

In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled

When I did hard offline test with hugetlb pages, below deadlock occurs:

======================================================
WARNING: possible circular locking dependency detected
6.8.0-11409-gf6cef5f8c37f #1 Not tainted
------------------------------------------------------
bash/46904 is trying to acquire lock:
ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60

but task is already holding lock:
ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (pcp_batch_high_lock){+.+.}-{3:3}:
       __mutex_lock+0x6c/0x770
       page_alloc_cpu_online+0x3c/0x70
       cpuhp_invoke_callback+0x397/0x5f0
       __cpuhp_invoke_callback_range+0x71/0xe0
       _cpu_up+0xeb/0x210
       cpu_up+0x91/0xe0
       cpuhp_bringup_mask+0x49/0xb0
       bringup_nonboot_cpus+0xb7/0xe0
       smp_init+0x25/0xa0
       kernel_init_freeable+0x15f/0x3e0
       kernel_init+0x15/0x1b0
       ret_from_fork+0x2f/0x50
       ret_from_fork_asm+0x1a/0x30

-> #0 (cpu_hotplug_lock){++++}-{0:0}:
       __lock_acquire+0x1298/0x1cd0
       lock_acquire+0xc0/0x2b0
       cpus_read_lock+0x2a/0xc0
       static_key_slow_dec+0x16/0x60
       __hugetlb_vmemmap_restore_folio+0x1b9/0x200
       dissolve_free_huge_page+0x211/0x260
       __page_handle_poison+0x45/0xc0
       memory_failure+0x65e/0xc70
       hard_offline_page_store+0x55/0xa0
       kernfs_fop_write_iter+0x12c/0x1d0
       vfs_write+0x387/0x550
       ksys_write+0x64/0xe0
       do_syscall_64+0xca/0x1e0
       entry_SYSCALL_64_after_hwframe+0x6d/0x75

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(pcp_batch_high_lock);
                               lock(cpu_hotplug_lock);
                               lock(pcp_batch_high_lock);
  rlock(cpu_hotplug_lock);

 *** DEADLOCK ***

5 locks held by bash/46904:
 #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0
 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0
 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0
 #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70
 #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40

stack backtrace:
CPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x68/0xa0
 check_noncircular+0x129/0x140
 __lock_acquire+0x1298/0x1cd0
 lock_acquire+0xc0/0x2b0
 cpus_read_lock+0x2a/0xc0
 static_key_slow_dec+0x16/0x60
 __hugetlb_vmemmap_restore_folio+0x1b9/0x200
 dissolve_free_huge_page+0x211/0x260
 __page_handle_poison+0x45/0xc0
 memory_failure+0x65e/0xc70
 hard_offline_page_store+0x55/0xa0
 kernfs_fop_write_iter+0x12c/0x1d0
 vfs_write+0x387/0x550
 ksys_write+0x64/0xe0
 do_syscall_64+0xca/0x1e0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fc862314887
Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
RSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887
RDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001
RBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00

In short, below scene breaks the ---truncated---

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Linux Linux kernel | >=5.18 <6.1.88 | |
| Linux Linux kernel | >=6.2 <6.6.29 | |
| Linux Linux kernel | >=6.7 <6.8.8 | |
| Linux Linux kernel | =6.9-rc1 | |
| Linux Linux kernel | =6.9-rc2 | |
| Linux Linux kernel | =6.9-rc3 | |
| Linux Linux kernel | =6.9-rc4 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 | |
| Fedoraproject Fedora | =40 | |
| ubuntu/linux | <6.8.0-38.38 | 6.8.0-38.38 |
| ubuntu/linux | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-aws | <6.8.0-1011.12 | 6.8.0-1011.12 |
| ubuntu/linux-aws | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-aws-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-aws-5.4 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-aws-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-aws-fips | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-aws-hwe | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure | <6.8.0-1010.10 | 6.8.0-1010.10 |
| ubuntu/linux-azure | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure-4.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure-5.4 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure-fde | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure-fde-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-azure-fips | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-bluefield | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-fips | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gcp | <6.8.0-1010.11 | 6.8.0-1010.11 |
| ubuntu/linux-gcp | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gcp-4.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gcp-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gcp-5.4 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gcp-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gcp-fips | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gke | <6.8.0-1006.9 | 6.8.0-1006.9 |
| ubuntu/linux-gke | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gkeop | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-gkeop-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-hwe | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-hwe-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-hwe-5.4 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-hwe-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-ibm | <6.8.0-1008.8 | 6.8.0-1008.8 |
| ubuntu/linux-ibm | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-ibm-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-ibm-5.4 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-intel | <6.8.0-1007.14 | 6.8.0-1007.14 |
| ubuntu/linux-intel | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-intel-iot-realtime | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-intel-iotg | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-intel-iotg-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-iot | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-kvm | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-laptop | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-lowlatency | <6.8.0-38.38.1 | 6.8.0-38.38.1 |
| ubuntu/linux-lowlatency | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-lowlatency-hwe-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-lowlatency-hwe-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-lowlatency-hwe-6.8 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-lts-xenial | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-nvidia | <6.8.0-1009.9 | 6.8.0-1009.9 |
| ubuntu/linux-nvidia | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-nvidia-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-nvidia-6.8 | <6.8.0-1009.9~22.04.1 | 6.8.0-1009.9~22.04.1 |
| ubuntu/linux-nvidia-6.8 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-nvidia-lowlatency | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-oem-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-oem-6.8 | <6.8.0-1008.8 | 6.8.0-1008.8 |
| ubuntu/linux-oem-6.8 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-oracle | <6.8.0-1008.8 | 6.8.0-1008.8 |
| ubuntu/linux-oracle | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-oracle-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-oracle-5.4 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-oracle-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-raspi | <6.8.0-1007.7 | 6.8.0-1007.7 |
| ubuntu/linux-raspi | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-raspi-5.4 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-raspi-realtime | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-realtime | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-riscv | <6.8.0-38.38.1 | 6.8.0-38.38.1 |
| ubuntu/linux-riscv | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-riscv-5.15 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-riscv-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-riscv-6.8 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-starfive | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-starfive-6.5 | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| ubuntu/linux-xilinx-zynqmp | <6.9~ <6.8.8 | 6.9~, 6.8.8 |
| debian/linux | | 5.10.223-1, 6.1.106-3, 6.1.99-1, 6.10.6-1, 6.10.7-1 |
