In the Linux kernel, the following vulnerability has been resolved:

mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook

When CONFIG_MEMCG, CONFIG_KFENCE and CONFIG_KMEMLEAK are enabled, the following warning always occurs. This is because the following call stack occurred:

mempool_alloc
  kmem_cache_alloc_noprof
    slab_alloc_node
      kfence_alloc

Once the kfence allocation is successful, slab->obj_exts will not be empty, because it has already been assigned a value in kfence_init_pool. Since the prepare_slab_obj_exts_hook function performs a check for s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE), the alloc_tag_add function will not be called as a result. Therefore, ref->ct remains NULL. However, when we call mempool_free, since obj_exts is not empty, it eventually leads to the alloc_tag_sub scenario being invoked. This is where the warning occurs. So we should add corresponding checks in the alloc_tagging_slab_free_hook.

For the __GFP_NO_OBJ_EXT case, I didn't see a specific case where it's using kfence, so I won't add the corresponding check in alloc_tagging_slab_free_hook for now.
[ 3.734349] ------------[ cut here ]------------
[ 3.734807] alloc_tag was not set
[ 3.735129] WARNING: CPU: 4 PID: 40 at ./include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574
[ 3.735866] Modules linked in: autofs4
[ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Tainted: G W 6.11.0-rc3-dirty #1
[ 3.736969] Tainted: [W]=WARN
[ 3.737258] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
[ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 3.738501] pc : kmem_cache_free+0x444/0x574
[ 3.738951] lr : kmem_cache_free+0x444/0x574
[ 3.739361] sp : ffff80008357bb60
[ 3.739693] x29: ffff80008357bb70 x28: 0000000000000000 x27: 0000000000000000
[ 3.740338] x26: ffff80008207f000 x25: ffff000b2eb2fd60 x24: ffff0000c0005700
[ 3.740982] x23: ffff8000804229e4 x22: ffff800082080000 x21: ffff800081756000
[ 3.741630] x20: fffffd7ff8253360 x19: 00000000000000a8 x18: ffffffffffffffff
[ 3.742274] x17: ffff800ab327f000 x16: ffff800083398000 x15: ffff800081756df0
[ 3.742919] x14: 0000000000000000 x13: 205d344320202020 x12: 5b5d373038343337
[ 3.743560] x11: ffff80008357b650 x10: 000000000000005d x9 : 00000000ffffffd0
[ 3.744231] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008237bad0 x6 : c0000000ffff7fff
[ 3.744907] x5 : ffff80008237ba78 x4 : ffff8000820bbad0 x3 : 0000000000000001
[ 3.745580] x2 : 68d66547c09f7800 x1 : 68d66547c09f7800 x0 : 0000000000000000
[ 3.746255] Call trace:
[ 3.746530] kmem_cache_free+0x444/0x574
[ 3.746931] mempool_free+0x44/0xf4
[ 3.747306] free_object_rcu+0xc8/0xdc
[ 3.747693] rcu_do_batch+0x234/0x8a4
[ 3.748075] rcu_core+0x230/0x3e4
[ 3.748424] rcu_core_si+0x14/0x1c
[ 3.748780] handle_softirqs+0x134/0x378
[ 3.749189] run_ksoftirqd+0x70/0x9c
[ 3.749560] smpboot_thread_fn+0x148/0x22c
[ 3.749978] kthread+0x10c/0x118
[ 3.750323] ret_from_fork+0x10/0x20
[ 3.750696] ---[ end trace 0000000000000000 ]---
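The mismatch the report describes, replayed as an added user-space model (this is example code written for this page, not the kernel's mm/slub code): the alloc-side hook skips tagging when s->flags carries SLAB_NO_OBJ_EXT or SLAB_NOLEAKTRACE, while a kfence-backed slab already has obj_exts set, so a free hook that only tests obj_exts hands a NULL ref->ct to alloc_tag_sub and trips the "alloc_tag was not set" warning. The flag bit values, the struct layouts, the object size and the counter standing in for WARN_ONCE are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed flag bits; the real SLAB_* values differ. */
#define SLAB_NO_OBJ_EXT  (1u << 0)
#define SLAB_NOLEAKTRACE (1u << 1)

struct alloc_tag     { long bytes; };                 /* per-call-site accounting */
struct alloc_tag_ref { struct alloc_tag *ct; };       /* the ref->ct from the report */
struct kmem_cache    { unsigned int flags; };         /* s->flags */
struct slab          { struct alloc_tag_ref *obj_exts; };

static int warnings;   /* stands in for the "alloc_tag was not set" WARN_ONCE */

static bool flags_skip_tagging(const struct kmem_cache *s)
{
    return (s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE)) != 0;
}

/* Alloc side (model of prepare_slab_obj_exts_hook): the flags check bails
 * out before alloc_tag_add is ever reached, so ref->ct stays NULL. */
static void alloc_hook(struct kmem_cache *s, struct slab *slab,
                       struct alloc_tag *tag, size_t size)
{
    if (flags_skip_tagging(s))
        return;
    slab->obj_exts->ct = tag;        /* alloc_tag_add */
    tag->bytes += (long)size;
}

/* Model of alloc_tag_sub: warns when no tag was recorded at allocation. */
static void alloc_tag_sub(struct alloc_tag_ref *ref, size_t size)
{
    if (!ref->ct) {
        warnings++;                  /* "alloc_tag was not set" */
        return;
    }
    ref->ct->bytes -= (long)size;
    ref->ct = NULL;
}

/* Free hook before the fix: only asks whether obj_exts exists. For a kfence
 * object obj_exts was populated by kfence_init_pool, so the untagged ref
 * reaches alloc_tag_sub and the warning fires. */
static void free_hook_before(struct kmem_cache *s, struct slab *slab, size_t size)
{
    (void)s;
    if (!slab->obj_exts)
        return;
    alloc_tag_sub(slab->obj_exts, size);
}

/* Free hook after the fix: mirror the alloc-side s->flags check so both
 * hooks agree on which objects carry a tag. */
static void free_hook_after(struct kmem_cache *s, struct slab *slab, size_t size)
{
    if (flags_skip_tagging(s))
        return;
    if (!slab->obj_exts)
        return;
    alloc_tag_sub(slab->obj_exts, size);
}

/* Replay one mempool_alloc/mempool_free round trip on a cache with the given
 * flags. Returns the number of warnings raised; *bytes_left (if non-NULL)
 * receives the tag's outstanding byte count after the free. */
static int round_trip(unsigned int cache_flags, bool fixed, long *bytes_left)
{
    struct alloc_tag tag = { .bytes = 0 };
    struct alloc_tag_ref ref = { .ct = NULL };
    struct slab slab = { .obj_exts = &ref };   /* already set by kfence_init_pool */
    struct kmem_cache s = { .flags = cache_flags };
    const size_t size = 64;                    /* constructed object size */

    warnings = 0;
    alloc_hook(&s, &slab, &tag, size);
    if (fixed)
        free_hook_after(&s, &slab, size);
    else
        free_hook_before(&s, &slab, size);
    if (bytes_left)
        *bytes_left = tag.bytes;
    return warnings;
}

int main(void)
{
    long left = 0;
    printf("kfence cache, before fix: %d warning(s)\n",
           round_trip(SLAB_NOLEAKTRACE, false, NULL));
    printf("kfence cache, after fix:  %d warning(s)\n",
           round_trip(SLAB_NOLEAKTRACE, true, NULL));
    int w = round_trip(0, true, &left);
    printf("tracked cache, after fix: %d warning(s), %ld bytes outstanding\n", w, left);
    return 0;
}
```

The third case shows that the added flags check does not disturb accounting for a normally tagged cache: the tag's byte count returns to zero after the free, and no warning is raised in either version of the hook.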