In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Fix sleeping in atomic context for PREEMPT_RT
Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic context" error:
[ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
[ 0.372268] preempt_count: 1, expected: 0
[ 0.372270] RCU nest depth: 1, expected: 1
[ 0.372272] 3 locks held by swapper/1/0:
[ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60
[ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140
[ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0
[ 0.372314] irq event stamp: 0
[ 0.372316] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 0.372322] hardirqs last disabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0
[ 0.372329] softirqs last enabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0
[ 0.372335] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891
[ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022
[ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000
[ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788
[ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001
[ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0
[ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003
[ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003
[ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004
[ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000
[ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000
[ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000
[ 0.372537] ...
[ 0.372540] Call Trace:
[ 0.372542] [<9000000005924778>] show_stack+0x38/0x180
[ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4
[ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260
[ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140
[ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0
[ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60
[ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820
[ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298
[ 0.372585] [<9000000005924b74>] per_cpu_trap_init+0x114/0x140
[ 0.372589] [<9000000005921964>] cpu_probe+0x4e4/0xa60
[ 0.372592] [<9000000005934874>] start_secondary+0x34/0xc0
[ 0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c
This is because in PREEMPT_RT kernels normal spinlocks are replaced by rt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling NUMA optimization completely for PREEMPT_RT kernels.
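A triage sketch for reports like the one above, added here as an example (it is not part of the commit or of the kernel tree): it reads the context flags from the splat and names the sleeping primitive and the caller of the page allocator. The function name `parse_splat`, the constants and the abridged sample lines are constructed for illustration.

```python
import re

# Constructed sample: abridged lines from the report above, in kernel symbol spelling.
SAMPLE = """\
[ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
[ 0.372268] preempt_count: 1, expected: 0
[ 0.372540] Call Trace:
[ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4
[ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260
[ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140
[ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0
[ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60
[ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820
[ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298
"""

TS = r"^\[\s*\d+\.\d+\]\s+"  # dmesg timestamp prefix
BUG_RE = re.compile(TS + r"BUG: sleeping function called from invalid context at (\S+):(\d+)")
CTX_RE = re.compile(TS + r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+),.*name: (\S+)")
FRAME_RE = re.compile(TS + r"\[<[0-9a-f]+>\] (\w+)\+0x")
CHECKERS = {"__might_resched", "__might_sleep"}  # debug checks, not the culprit
ALLOC_PREFIXES = ("__alloc_pages", "alloc_pages", "get_page_from_freelist")

def parse_splat(text):
    """Return a summary dict for the first sleeping-in-atomic report, or None."""
    report, frames = None, []
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            report = {"site": f"{m[1]}:{m[2]}"}
        elif report is None:
            continue  # ignore everything before the BUG line
        elif m := CTX_RE.match(line):
            report.update(in_atomic=m[1] == "1", irqs_off=m[2] == "1", task=m[3])
        elif m := FRAME_RE.match(line):
            frames.append(m[1])
    if report is None:
        return None
    # The sleeping primitive is the frame directly below the might-sleep check.
    idx = next((i for i, f in enumerate(frames) if f in CHECKERS), None)
    report["sleeper"] = frames[idx + 1] if idx is not None and idx + 1 < len(frames) else None
    # The code that asked for memory is the frame below the outermost allocator frame.
    alloc = [i for i, f in enumerate(frames) if f.startswith(ALLOC_PREFIXES)]
    report["caller"] = frames[alloc[-1] + 1] if alloc and alloc[-1] + 1 < len(frames) else None
    # An rt_* lock taken while atomic is the PREEMPT_RT pattern described above.
    report["rt_lock_in_atomic"] = bool(report.get("in_atomic")) and (report["sleeper"] or "").startswith("rt_")
    return report
```

On the sample this reports `rt_spin_lock` as the sleeping primitive and `tlb_init` as the allocator's caller, which is the path the fix addresses.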
[
{
"id": "CVE-2024-56585-2ecdaf68",
"target": {
"file": "arch/loongarch/mm/tlb.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"206491576885582144010797504364228153016",
"33221707222293442382215430469768984235",
"24411412993732285694059770042949761006",
"223315672080439837209945182606786984423"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@08715b741f9b2a925d6485491e4907f3b29bac70",
"signature_version": "v1"
},
{
"id": "CVE-2024-56585-3305870d",
"target": {
"file": "arch/loongarch/mm/tlb.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"206491576885582144010797504364228153016",
"33221707222293442382215430469768984235",
"24411412993732285694059770042949761006",
"223315672080439837209945182606786984423"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5f89458a2ea0800866b9fc690d3fa8367dc8f8d",
"signature_version": "v1"
},
{
"id": "CVE-2024-56585-385ed5ff",
"target": {
"file": "arch/loongarch/mm/tlb.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"137450311958023418296143568197156899644",
"165970711165652551144900484332395997431",
"317068463745326902510638998847394965280",
"223315672080439837209945182606786984423"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6575e0867bd478a5d7ef1783ca1e73160807d238",
"signature_version": "v1"
},
{
"id": "CVE-2024-56585-3ba8b6c9",
"target": {
"file": "arch/loongarch/mm/tlb.c",
"function": "setup_tlb_handler"
},
"digest": {
"length": 1312.0,
"function_hash": "12956577689540914233948842553064728135"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88fd2b70120d52c1010257d36776876941375490",
"signature_version": "v1"
},
{
"id": "CVE-2024-56585-844b064f",
"target": {
"file": "arch/loongarch/mm/tlb.c",
"function": "setup_tlb_handler"
},
"digest": {
"length": 1312.0,
"function_hash": "12956577689540914233948842553064728135"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6575e0867bd478a5d7ef1783ca1e73160807d238",
"signature_version": "v1"
},
{
"id": "CVE-2024-56585-b627c1e0",
"target": {
"file": "arch/loongarch/mm/tlb.c",
"function": "setup_tlb_handler"
},
"digest": {
"length": 1722.0,
"function_hash": "69893730113162660391416165138695542437"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5f89458a2ea0800866b9fc690d3fa8367dc8f8d",
"signature_version": "v1"
},
{
"id": "CVE-2024-56585-dbdf0785",
"target": {
"file": "arch/loongarch/mm/tlb.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"137450311958023418296143568197156899644",
"165970711165652551144900484332395997431",
"317068463745326902510638998847394965280",
"223315672080439837209945182606786984423"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88fd2b70120d52c1010257d36776876941375490",
"signature_version": "v1"
},
{
"id": "CVE-2024-56585-facefdb3",
"target": {
"file": "arch/loongarch/mm/tlb.c",
"function": "setup_tlb_handler"
},
"digest": {
"length": 1398.0,
"function_hash": "259961468590205939763959756863175235542"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@08715b741f9b2a925d6485491e4907f3b29bac70",
"signature_version": "v1"
}
]