ghsa-cqg5-xfgj-qvgx
Vulnerability from github
Published
2024-11-21 21:33
Modified
2024-12-24 15:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Mark hrtimer to expire in hard interrupt context

Like commit 2c0d278f3293f ("KVM: LAPIC: Mark hrtimer to expire in hard interrupt context") and commit 9090825fa9974 ("KVM: arm/arm64: Let the timer expire in hardirq context on RT"), On PREEMPT_RT enabled kernels unmarked hrtimers are moved into soft interrupt expiry mode by default. Then the timers are canceled from an preempt-notifier which is invoked with disabled preemption which is not allowed on PREEMPT_RT.

The timer callback is short so in could be invoked in hard-IRQ context. So let the timer expire on hard-IRQ context even on -RT.

This fix a "scheduling while atomic" bug for PREEMPT_RT enabled kernels:

BUG: scheduling while atomic: qemu-system-loo/1011/0x00000002 Modules linked in: amdgpu rfkill nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ns CPU: 1 UID: 0 PID: 1011 Comm: qemu-system-loo Tainted: G W 6.12.0-rc2+ #1774 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : ffffffffffffffff 0000000000000000 9000000004e3ea38 9000000116744000 90000001167475a0 0000000000000000 90000001167475a8 9000000005644830 90000000058dc000 90000000058dbff8 9000000116747420 0000000000000001 0000000000000001 6a613fc938313980 000000000790c000 90000001001c1140 00000000000003fe 0000000000000001 000000000000000d 0000000000000003 0000000000000030 00000000000003f3 000000000790c000 9000000116747830 90000000057ef000 0000000000000000 9000000005644830 0000000000000004 0000000000000000 90000000057f4b58 0000000000000001 9000000116747868 900000000451b600 9000000005644830 9000000003a13998 0000000010000020 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d ... Call Trace: [<9000000003a13998>] show_stack+0x38/0x180 [<9000000004e3ea34>] dump_stack_lvl+0x84/0xc0 [<9000000003a71708>] __schedule_bug+0x48/0x60 [<9000000004e45734>] __schedule+0x1114/0x1660 [<9000000004e46040>] schedule_rtlock+0x20/0x60 [<9000000004e4e330>] rtlock_slowlock_locked+0x3f0/0x10a0 [<9000000004e4f038>] rt_spin_lock+0x58/0x80 [<9000000003b02d68>] hrtimer_cancel_wait_running+0x68/0xc0 [<9000000003b02e30>] hrtimer_cancel+0x70/0x80 [] kvm_restore_timer+0x50/0x1a0 [kvm] [] kvm_arch_vcpu_load+0x68/0x2a0 [kvm] [] kvm_sched_in+0x34/0x60 [kvm] [<9000000003a749a0>] finish_task_switch.isra.0+0x140/0x2e0 [<9000000004e44a70>] __schedule+0x450/0x1660 [<9000000004e45cb0>] schedule+0x30/0x180 [] kvm_vcpu_block+0x70/0x120 [kvm] [] kvm_vcpu_halt+0x60/0x3e0 [kvm] [] kvm_handle_gspr+0x3f4/0x4e0 [kvm] [] kvm_handle_exit+0x1c8/0x260 [kvm]

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-53089"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-21T19:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Mark hrtimer to expire in hard interrupt context\n\nLike commit 2c0d278f3293f (\"KVM: LAPIC: Mark hrtimer to expire in hard\ninterrupt context\") and commit 9090825fa9974 (\"KVM: arm/arm64: Let the\ntimer expire in hardirq context on RT\"), On PREEMPT_RT enabled kernels\nunmarked hrtimers are moved into soft interrupt expiry mode by default.\nThen the timers are canceled from an preempt-notifier which is invoked\nwith disabled preemption which is not allowed on PREEMPT_RT.\n\nThe timer callback is short so in could be invoked in hard-IRQ context.\nSo let the timer expire on hard-IRQ context even on -RT.\n\nThis fix a \"scheduling while atomic\" bug for PREEMPT_RT enabled kernels:\n\n BUG: scheduling while atomic: qemu-system-loo/1011/0x00000002\n Modules linked in: amdgpu rfkill nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ns\n CPU: 1 UID: 0 PID: 1011 Comm: qemu-system-loo Tainted: G        W          6.12.0-rc2+ #1774\n Tainted: [W]=WARN\n Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022\n Stack : ffffffffffffffff 0000000000000000 9000000004e3ea38 9000000116744000\n         90000001167475a0 0000000000000000 90000001167475a8 9000000005644830\n         90000000058dc000 90000000058dbff8 9000000116747420 0000000000000001\n         0000000000000001 6a613fc938313980 000000000790c000 90000001001c1140\n         00000000000003fe 0000000000000001 000000000000000d 0000000000000003\n         0000000000000030 00000000000003f3 000000000790c000 9000000116747830\n         90000000057ef000 0000000000000000 9000000005644830 0000000000000004\n         0000000000000000 90000000057f4b58 0000000000000001 9000000116747868\n         900000000451b600 9000000005644830 9000000003a13998 0000000010000020\n         00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d\n         ...\n Call Trace:\n [\u003c9000000003a13998\u003e] show_stack+0x38/0x180\n [\u003c9000000004e3ea34\u003e] dump_stack_lvl+0x84/0xc0\n [\u003c9000000003a71708\u003e] __schedule_bug+0x48/0x60\n [\u003c9000000004e45734\u003e] __schedule+0x1114/0x1660\n [\u003c9000000004e46040\u003e] schedule_rtlock+0x20/0x60\n [\u003c9000000004e4e330\u003e] rtlock_slowlock_locked+0x3f0/0x10a0\n [\u003c9000000004e4f038\u003e] rt_spin_lock+0x58/0x80\n [\u003c9000000003b02d68\u003e] hrtimer_cancel_wait_running+0x68/0xc0\n [\u003c9000000003b02e30\u003e] hrtimer_cancel+0x70/0x80\n [\u003cffff80000235eb70\u003e] kvm_restore_timer+0x50/0x1a0 [kvm]\n [\u003cffff8000023616c8\u003e] kvm_arch_vcpu_load+0x68/0x2a0 [kvm]\n [\u003cffff80000234c2d4\u003e] kvm_sched_in+0x34/0x60 [kvm]\n [\u003c9000000003a749a0\u003e] finish_task_switch.isra.0+0x140/0x2e0\n [\u003c9000000004e44a70\u003e] __schedule+0x450/0x1660\n [\u003c9000000004e45cb0\u003e] schedule+0x30/0x180\n [\u003cffff800002354c70\u003e] kvm_vcpu_block+0x70/0x120 [kvm]\n [\u003cffff800002354d80\u003e] kvm_vcpu_halt+0x60/0x3e0 [kvm]\n [\u003cffff80000235b194\u003e] kvm_handle_gspr+0x3f4/0x4e0 [kvm]\n [\u003cffff80000235f548\u003e] kvm_handle_exit+0x1c8/0x260 [kvm]",
  "id": "GHSA-cqg5-xfgj-qvgx",
  "modified": "2024-12-24T15:30:31Z",
  "published": "2024-11-21T21:33:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53089"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e4c384a4be9ed1e069e24f388ab2ee9951b77b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73adbd92f3223dc0c3506822b71c6b259d5d537b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.