In the Linux kernel, the following vulnerability has been resolved:
page_pool: avoid infinite loop to schedule delayed worker
We noticed the kworker in page_pool_release_retry() was woken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1].
Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally.
This patch mitigates the adverse effect by not rescheduling the kworker when detecting the inflight negative in page_pool_release_retry().
[1]
[Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------
[Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages
...
[Mon Feb 10 20:36:11 2025] Call Trace:
[Mon Feb 10 20:36:11 2025]  page_pool_release_retry+0x23/0x70
[Mon Feb 10 20:36:11 2025]  process_one_work+0x1b1/0x370
[Mon Feb 10 20:36:11 2025]  worker_thread+0x37/0x3a0
[Mon Feb 10 20:36:11 2025]  kthread+0x11a/0x140
[Mon Feb 10 20:36:11 2025]  ? process_one_work+0x370/0x370
[Mon Feb 10 20:36:11 2025]  ? __kthread_cancel_work+0x40/0x40
[Mon Feb 10 20:36:11 2025]  ret_from_fork+0x35/0x40
[Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---
Note: before this patch, the above calltrace would flood the dmesg due to repeated reschedule of release_dw kworker.
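One way to check a saved kernel log for the repeated warning described above, as an added example that is not part of the original commit message or the kernel source. The sample lines are constructed from the trace format in [1], and the function names, threshold and window are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Warning line in the human-readable timestamp format shown in [1].
WARN_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4})\]\s+"
    r"Negative\((?P<inflight>-\d+)\) inflight packet-pages"
)

def parse_warnings(lines):
    """Return a (timestamp, inflight) tuple for each negative-inflight warning."""
    hits = []
    for line in lines:
        m = WARN_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            hits.append((ts, int(m["inflight"])))
    return hits

def is_flooding(hits, threshold=3, window=timedelta(minutes=10)):
    """True when `threshold` or more warnings fall inside one time window.

    threshold and window are assumed values; tune them per environment.
    """
    times = sorted(ts for ts, _ in hits)
    for i in range(len(times) - threshold + 1):
        if times[i + threshold - 1] - times[i] <= window:
            return True
    return False

# Constructed sample: the same warning repeating, as the note under [1] describes.
FLOOD_SAMPLE = [
    "[Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------",
    "[Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages",
    "[Mon Feb 10 20:36:11 2025] Call Trace:",
    "[Mon Feb 10 20:36:12 2025] Negative(-51446) inflight packet-pages",
    "[Mon Feb 10 20:36:13 2025] Negative(-51446) inflight packet-pages",
]
# Constructed sample: a single, isolated warning.
SINGLE_SAMPLE = FLOOD_SAMPLE[:3]

if __name__ == "__main__":
    for name, sample in (("flood", FLOOD_SAMPLE), ("single", SINGLE_SAMPLE)):
        hits = parse_warnings(sample)
        print(name, len(hits), "warnings, flooding:", is_flooding(hits))
```

A host whose log trips this check is still rescheduling the release worker and is a candidate for the patched kernel; the negative count itself points at a driver bug that the patch does not fix.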