- Vulnerability/
- CVE-2024-40915
CVE-2024-40915: riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context
First published: Fri Jul 12 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context __kernel_map_pages() is a debug function which clears the valid bit in page table entry for deallocated pages to detect illegal memory accesses to freed pages. This function set/clear the valid bit using __set_memory(). __set_memory() acquires init_mm's semaphore, and this operation may sleep. This is problematic, because __kernel_map_pages() can be called in atomic context, and thus is illegal to sleep. An example warning that this causes: BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd preempt_count: 2, expected: 0 CPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37 Hardware name: riscv-virtio,qemu (DT) Call Trace: [<ffffffff800060dc>] dump_backtrace+0x1c/0x24 [<ffffffff8091ef6e>] show_stack+0x2c/0x38 [<ffffffff8092baf8>] dump_stack_lvl+0x5a/0x72 [<ffffffff8092bb24>] dump_stack+0x14/0x1c [<ffffffff8003b7ac>] __might_resched+0x104/0x10e [<ffffffff8003b7f4>] __might_sleep+0x3e/0x62 [<ffffffff8093276a>] down_write+0x20/0x72 [<ffffffff8000cf00>] __set_memory+0x82/0x2fa [<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4 [<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a [<ffffffff8018ee82>] __vmalloc_node_range+0x196/0x6ba [<ffffffff80011904>] copy_process+0x72c/0x17ec [<ffffffff80012ab4>] kernel_clone+0x60/0x2fe [<ffffffff80012f62>] kernel_thread+0x82/0xa0 [<ffffffff8003552c>] kthreadd+0x14a/0x1be [<ffffffff809357de>] ret_from_fork+0xe/0x1c Rewrite this function with apply_to_existing_page_range(). It is fine to not have any locking, because __kernel_map_pages() works with pages being allocated/deallocated and those pages are not changed by anyone else in the meantime.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/8661a7af04991201640863ad1a0983173f84b5eb
- https://git.kernel.org/stable/c/919f8626099d9909b9a9620b05e8c8ab06581876
- https://git.kernel.org/stable/c/d5257ceb19d92069195254866421f425aea42915
- https://git.kernel.org/stable/c/fb1cf0878328fe75d47f0aed0a65b30126fcefc4
- https://git.kernel.org/linus/fb1cf0878328fe75d47f0aed0a65b30126fcefc4
- https://security-tracker.debian.org/tracker/CVE-2024-40915
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40915
- https://nvd.nist.gov/vuln/detail/CVE-2024-40915
- https://launchpad.net/bugs/cve/CVE-2024-40915
- https://ubuntu.com/security/CVE-2024-40915
- agent/severity
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/launchpad-cve
- source/Launchpad
- package-manager/debian