| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025032703-CVE-2024-58090-fddc@gregkh> Date: Thu, 27 Mar 2025 15:58:04 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled Description =========== In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90 hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90 That means __up_console_sem() was invoked with interrupts enabled. Further instrumentation revealed that in the interrupt disabled section of kexec jump one of the syscore_suspend() callbacks woke up a task, which set the NEED_RESCHED flag. A later callback in the resume path invoked cond_resched() which in turn led to the invocation of the scheduler: __cond_resched+0x21/0x60 down_timeout+0x18/0x60 acpi_os_wait_semaphore+0x4c/0x80 acpi_ut_acquire_mutex+0x3d/0x100 acpi_ns_get_node+0x27/0x60 acpi_ns_evaluate+0x1cb/0x2d0 acpi_rs_set_srs_method_data+0x156/0x190 acpi_pci_link_set+0x11c/0x290 irqrouter_resume+0x54/0x60 syscore_resume+0x6a/0x200 kernel_kexec+0x145/0x1c0 __do_sys_reboot+0xeb/0x240 do_syscall_64+0x95/0x180 This is a long standing problem, which probably got more visible with the recent printk changes. Something does a task wakeup and the scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and invokes schedule() from a completely bogus context. The scheduler enables interrupts after context switching, which causes the above warning at the end. Quite some of the code paths in syscore_suspend()/resume() can result in triggering a wakeup with the exactly same consequences. They might not have done so yet, but as they share a lot of code with normal operations it's just a question of time. The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling models. Full preemption is not affected as cond_resched() is disabled and the preemption check preemptible() takes the interrupt disabled flag into account. Cure the problem by adding a corresponding check into cond_resched(). The Linux kernel CVE team has assigned CVE-2024-58090 to this issue. Affected and fixed versions =========================== Fixed in 5.4.291 with commit 321794b75ac968f0bb6b9c913581949452a8d992 Fixed in 5.10.235 with commit 1651f5731b378616565534eb9cda30e258cebebc Fixed in 5.15.179 with commit 288fdb8dcb71ec77b76ab8b8a06bc10f595ea504 Fixed in 6.1.130 with commit 84586322e010164eedddfcd0a0894206ae7d9317 Fixed in 6.6.81 with commit 68786ab0935ccd5721283b7eb7f4d2f2942c7a52 Fixed in 6.12.18 with commit 0362847c520747b44b574d363705d8af0621727a Fixed in 6.13.6 with commit b927c8539f692fb1f9c2f42e6c8ea2d94956f921 Fixed in 6.14 with commit 82c387ef7568c0d96a918a5a78d9cad6256cfa15 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-58090 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/sched/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/321794b75ac968f0bb6b9c913581949452a8d992 https://git.kernel.org/stable/c/1651f5731b378616565534eb9cda30e258cebebc https://git.kernel.org/stable/c/288fdb8dcb71ec77b76ab8b8a06bc10f595ea504 https://git.kernel.org/stable/c/84586322e010164eedddfcd0a0894206ae7d9317 https://git.kernel.org/stable/c/68786ab0935ccd5721283b7eb7f4d2f2942c7a52 https://git.kernel.org/stable/c/0362847c520747b44b574d363705d8af0621727a https://git.kernel.org/stable/c/b927c8539f692fb1f9c2f42e6c8ea2d94956f921 https://git.kernel.org/stable/c/82c387ef7568c0d96a918a5a78d9cad6256cfa15
Powered by blists - more mailing lists