fkie_cve-2024-57884
Vulnerability from fkie_nvd
Published
2025-01-15 13:15
Modified
2025-01-15 13:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
The task sometimes continues looping in throttle_direct_reclaim() because
allow_direct_reclaim(pgdat) keeps returning false.

    #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac
    #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c
    #2 [ffff80002cb6f990] schedule at ffff800008abc50c
    #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550
    #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68
    #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660
    #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98
    #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8
    #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974
    #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4

At this point, the pgdat contains the following two zones:

    NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: "DMA32"
    SIZE: 20480 MIN/LOW/HIGH: 11/28/45
    VM_STAT:
      NR_FREE_PAGES: 359
      NR_ZONE_INACTIVE_ANON: 18813
      NR_ZONE_ACTIVE_ANON: 0
      NR_ZONE_INACTIVE_FILE: 50
      NR_ZONE_ACTIVE_FILE: 0
      NR_ZONE_UNEVICTABLE: 0
      NR_ZONE_WRITE_PENDING: 0
      NR_MLOCK: 0
      NR_BOUNCE: 0
      NR_ZSPAGES: 0
      NR_FREE_CMA_PAGES: 0

    NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: "Normal"
    SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264
    VM_STAT:
      NR_FREE_PAGES: 146
      NR_ZONE_INACTIVE_ANON: 94668
      NR_ZONE_ACTIVE_ANON: 3
      NR_ZONE_INACTIVE_FILE: 735
      NR_ZONE_ACTIVE_FILE: 78
      NR_ZONE_UNEVICTABLE: 0
      NR_ZONE_WRITE_PENDING: 0
      NR_MLOCK: 0
      NR_BOUNCE: 0
      NR_ZSPAGES: 0
      NR_FREE_CMA_PAGES: 0

In allow_direct_reclaim(), while processing ZONE_DMA32, the sum of
inactive/active file-backed pages calculated in zone_reclaimable_pages()
based on the result of zone_page_state_snapshot() is zero.
Additionally, since this system lacks swap, the calculation of inactive/
active anonymous pages is skipped.

    crash> p nr_swap_pages
    nr_swap_pages = $1937 = {
      counter = 0
    }

As a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to
the processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having
free pages significantly exceeding the high watermark.
The problem is that the pgdat->kswapd_failures hasn't been incremented.

    crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures
    $1935 = 0x0

This is because the node is deemed balanced. The node balancing logic in
balance_pgdat() evaluates all zones collectively. If one or more zones
(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the
entire node is deemed balanced. This causes balance_pgdat() to exit early
before incrementing the kswapd_failures, as it considers the overall
memory state acceptable, even though some zones (like ZONE_NORMAL) remain
under significant pressure.
The patch ensures that zone_reclaimable_pages() includes free pages
(NR_FREE_PAGES) in its calculation when no other reclaimable pages are
available (e.g., file-backed or anonymous pages). This change prevents
zones like ZONE_DMA32, which have sufficient free pages, from being
mistakenly deemed unreclaimable. By doing so, the patch ensures proper
node balancing, avoids masking pressure on other zones like ZONE_NORMAL,
and prevents infinite loops in throttle_direct_reclaim() caused by
allow_direct_reclaim(pgdat) repeatedly returning false.
The kernel hangs due to a task stuck in throttle_direct_reclaim(), caused
by a node being incorrectly deemed balanced despite pressure in certain
zones, such as ZONE_NORMAL. This issue arises from
zone_reclaimable_pages
---truncated---
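An added example, not part of the advisory or the kernel source: a simplified user-space C model of the check the summary describes, showing how skipping ZONE_DMA32 makes allow_direct_reclaim() return false and how the free-page fallback changes the result. The `zone_model` struct, the `_model` function names, the `has_swap` and `fixed` flags, and the Normal zone's free-page snapshot value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_RECLAIM_RETRIES 16  /* kswapd_failures limit in mm/vmscan.c */

/* Simplified stand-in for struct zone: only the counters the summary uses. */
struct zone_model {
    const char *name;
    unsigned long min_wmark, free, file, anon;  /* all in pages */
};
/* fixed == false models the pre-patch function, true the patched one. */
static unsigned long zone_reclaimable_pages_model(const struct zone_model *z,
                                                  bool has_swap, bool fixed)
{
    unsigned long nr = z->file;
    if (has_swap)           /* anon pages count only if they can be swapped */
        nr += z->anon;
    if (fixed && nr == 0)   /* the patch: fall back to NR_FREE_PAGES */
        nr = z->free;
    return nr;
}

static bool allow_direct_reclaim_model(const struct zone_model *zones, int n,
                        int kswapd_failures, bool has_swap, bool fixed)
{
    unsigned long reserve = 0, free_pages = 0;
    if (kswapd_failures >= MAX_RECLAIM_RETRIES)
        return true;        /* kswapd gave up, so stop throttling */
    for (int i = 0; i < n; i++) {
        if (!zone_reclaimable_pages_model(&zones[i], has_swap, fixed))
            continue;       /* zone deemed unreclaimable and skipped */
        reserve += zones[i].min_wmark;
        free_pages += zones[i].free;
    }
    return !reserve || free_pages > reserve / 2;
}

/* MIN watermarks, DMA32 free pages and anon/file sums come from the dump in
 * the summary. DMA32 file = 0 is the snapshot result the summary reports; the
 * Normal free-page snapshot (20) is a constructed value, not from the page. */
static const struct zone_model node4[] = {
    { "DMA32",  11, 359,   0, 18813 },
    { "Normal", 68,  20, 813, 94671 },
};

int main(void)
{
    printf("pre-patch: %d\n", allow_direct_reclaim_model(node4, 2, 0, false, false));
    printf("patched:   %d\n", allow_direct_reclaim_model(node4, 2, 0, false, true));
    return 0;
}
```

With kswapd_failures stuck at 0, the pre-patch model never leaves the throttled state, because the 359 free DMA32 pages are never added to the total.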
References
- https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2
- https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284
- https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c
- https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19
- https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8
- https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c
- https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8
Impacted products
Vendor | Product | Version |
---|
{ "id": "CVE-2024-57884", "published": "2025-01-15T13:15:12.757", "lastModified": "2025-01-15T13:15:12.757", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "cveTags": [], "metrics": {} }