Ubuntu.comUB:CVE-2024-40980CVE-2024-40980
In the Linux kernel, the following vulnerability has been resolved:
drop_monitor: replace spin_lock by raw_spin_lock
trace_drop_common() is called with preemption disabled, and it acquires
a spin_lock. This is problematic for RT kernels because spin_locks are
sleeping locks in this configuration, which causes the following splat:
BUG: sleeping function called from invalid context at
kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47
preempt_count: 1, expected: 0
RCU nest depth: 2, expected: 2
5 locks held by rcuc/47/449:
#0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at:
__local_bh_disable_ip+0x105/0x210
#1: ffffffffb394a280 (rcu_read_lock){…}-{1:2}, at:
rt_spin_lock+0xbf/0x130
#2: ffffffffb394a280 (rcu_read_lock){…}-{1:2}, at:
__local_bh_disable_ip+0x11c/0x210
#3: ffffffffb394a160 (rcu_callback){…}-{0:0}, at:
rcu_do_batch+0x360/0xc70
#4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at:
trace_drop_common.constprop.0+0xb5/0x290
irq event stamp: 139909
hardirqs last enabled at (139908): [<ffffffffb1df2b33>]
_raw_spin_unlock_irqrestore+0x63/0x80
hardirqs last disabled at (139909): [<ffffffffb19bd03d>]
trace_drop_common.constprop.0+0x26d/0x290
softirqs last enabled at (139892): [<ffffffffb07a1083>]
__local_bh_enable_ip+0x103/0x170
softirqs last disabled at (139898): [<ffffffffb0909b33>]
rcu_cpu_kthread+0x93/0x1f0
Preemption disabled at:
[<ffffffffb1de786b>] rt_mutex_slowunlock+0xab/0x2e0
CPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7
Hardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022
Call Trace:
<TASK>
dump_stack_lvl+0x8c/0xd0
dump_stack+0x14/0x20
__might_resched+0x21e/0x2f0
rt_spin_lock+0x5e/0x130
? trace_drop_common.constprop.0+0xb5/0x290
? skb_queue_purge_reason.part.0+0x1bf/0x230
trace_drop_common.constprop.0+0xb5/0x290
? preempt_count_sub+0x1c/0xd0
? _raw_spin_unlock_irqrestore+0x4a/0x80
? __pfx_trace_drop_common.constprop.0+0x10/0x10
? rt_mutex_slowunlock+0x26a/0x2e0
? skb_queue_purge_reason.part.0+0x1bf/0x230
? __pfx_rt_mutex_slowunlock+0x10/0x10
? skb_queue_purge_reason.part.0+0x1bf/0x230
trace_kfree_skb_hit+0x15/0x20
trace_kfree_skb+0xe9/0x150
kfree_skb_reason+0x7b/0x110
skb_queue_purge_reason.part.0+0x1bf/0x230
? __pfx_skb_queue_purge_reason.part.0+0x10/0x10
? mark_lock.part.0+0x8a/0x520
…
trace_drop_common() also disables interrupts, but this is a minor issue
because we could easily replace it with a local_lock.
Replace the spin_lock with raw_spin_lock to avoid sleeping in atomic
context.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
References
git.kernel.org/linus/f1e197a665c2148ebc25fe09c53689e60afea195 (6.10-rc1)
git.kernel.org/stable/c/07ea878684dfb78a9d4f564c39d07e855a9e242e
git.kernel.org/stable/c/594e47957f3fe034645e6885393ce96c12286334
git.kernel.org/stable/c/76ce2f9125244e1708d29c1d3f9d1d50b347bda0
git.kernel.org/stable/c/96941f29ebcc1e9cbf570dc903f30374909562f5
git.kernel.org/stable/c/b3722fb69468693555f531cddda5c30444726dac
git.kernel.org/stable/c/f1e197a665c2148ebc25fe09c53689e60afea195
git.kernel.org/stable/c/f251ccef1d864790e5253386e95544420b7cd8f3
launchpad.net/bugs/cve/CVE-2024-40980
nvd.nist.gov/vuln/detail/CVE-2024-40980
security-tracker.debian.org/tracker/CVE-2024-40980
www.cve.org/CVERecord?id=CVE-2024-40980
Related
