A vulnerability in the Linux kernel, tracked as CVE-2024-56583, has recently been resolved. It concerns a sched/deadline warning that fires when a priority-boosted task is re-enqueued, which can be reproduced with a stress-ng workload. This article explains the fix, along with the relevant code and links to the original references.
The warning is reproduced by running stress-ng's cyclic test in a loop; after some iterations it triggers the warning shown below:
while true; do
    stress-ng --cyclic 30 --timeout 30s --minimize --quiet
done
Warning Message
WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180
...
Call Trace:
 <TASK>
 ? show_trace_log_lvl+0x1c4/0x2df
 ? enqueue_dl_entity+0x631/0x6e0
 ? setup_new_dl_entity+0x13e/0x180
 ? __warn+0x7e/0xd0
 ? report_bug+0x11a/0x1a0
 ? handle_bug+0x3c/0x70
 ? exc_invalid_op+0x14/0x70
 ? asm_exc_invalid_op+0x16/0x20
 enqueue_dl_entity+0x631/0x6e0
 enqueue_task_dl+0x7d/0x120
 __do_set_cpus_allowed+0xe3/0x280
 __set_cpus_allowed_ptr_locked+0x140/0x1d0
 __set_cpus_allowed_ptr+0x54/0xa0
 migrate_enable+0x7e/0x150
 rt_spin_unlock+0x1c/0x90
 group_send_sig_info+0xf7/0x1a0
 ? kill_pid_info+0x1f/0x1d0
 kill_pid_info+0x78/0x1d0
 kill_proc_info+0x5b/0x110
 __x64_sys_kill+0x93/0xc0
 do_syscall_64+0x5c/0xf0
 entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7fdab31f92b
This warning occurs because the set_cpus_allowed path (reached here from migrate_enable, as the trace shows) dequeues the task and re-enqueues it with the ENQUEUE_RESTORE flag set. If the task is priority-boosted, the warning is triggered: a boosted task has already had its scheduling parameters set by rt_mutex_setprio, so a fresh call to setup_new_dl_entity is unnecessary, and that function's WARN_ON check on boosted entities fires.
Fix:
To resolve this issue, the ENQUEUE_RESTORE branch of enqueue_dl_entity must check whether the task being re-enqueued is boosted; if it is, setup_new_dl_entity must not be called. The upstream fix adds a single !is_dl_boosted() test to that condition:
/* In kernel/sched/deadline.c, enqueue_dl_entity() */
...
	} else if (flags & ENQUEUE_REPLENISH) {
		replenish_dl_entity(dl_se);
	} else if ((flags & ENQUEUE_RESTORE) &&
		   !is_dl_boosted(dl_se) &&          /* added: leave boosted tasks alone */
		   dl_time_before(dl_se->deadline, rq_clock(rq_of_dl_se(dl_se)))) {
		setup_new_dl_entity(dl_se);
	}
...
With this check in place, a boosted task re-enqueued with ENQUEUE_RESTORE keeps the parameters rt_mutex_setprio gave it, and the warning is no longer triggered.
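To see why the added check matters, here is an added example (not kernel code) that models the ENQUEUE_RESTORE branch of enqueue_dl_entity() in user-space C, with is_dl_boosted() expressed the way the kernel does it (the PI donor pointer differs from the entity itself); the struct, flag value and time values are simplified stand-ins, and the return codes are this model's own convention.

```c
/* Added example, not kernel code: a user-space model of the ENQUEUE_RESTORE branch
 * of enqueue_dl_entity() before and after the fix; types and values are stand-ins. */
#include <stdbool.h>
#include <stdint.h>
#define ENQUEUE_RESTORE 0x02   /* stand-in value; other enqueue flags not modelled */
struct sched_dl_entity {
    uint64_t deadline;              /* absolute deadline */
    struct sched_dl_entity *pi_se;  /* PI donor; points to itself when not boosted */
};

/* Same test as the kernel's is_dl_boosted(): a donor's parameters are in use. */
static bool is_dl_boosted(const struct sched_dl_entity *dl_se)
{
    return dl_se->pi_se != dl_se;
}

/* Returns 1 when run on a plain entity, 2 on a boosted one, which is the case
 * the kernel's setup_new_dl_entity() flags with WARN_ON (deadline.c:794). */
static int setup_new_dl_entity(struct sched_dl_entity *dl_se, uint64_t now)
{
    dl_se->deadline = now + 1000;   /* start a fresh period (arbitrary length) */
    return is_dl_boosted(dl_se) ? 2 : 1;
}

/* 0: setup_new_dl_entity() skipped; 1: ran cleanly; 2: ran on a boosted entity.
 * 'fixed' selects the patched condition, which adds the !is_dl_boosted() test. */
int enqueue_dl_entity_model(struct sched_dl_entity *dl_se, int flags,
                            uint64_t now, bool fixed)
{
    if ((flags & ENQUEUE_RESTORE) &&
        (!fixed || !is_dl_boosted(dl_se)) &&   /* the added check */
        dl_se->deadline < now)                 /* dl_time_before() */
        return setup_new_dl_entity(dl_se, now);
    return 0;
}

/* The report's scenario: set_cpus_allowed() re-enqueues a boosted task with
 * ENQUEUE_RESTORE after its deadline passed; the plain variant is the control. */
int restore_boosted(bool fixed)
{
    struct sched_dl_entity donor = { .deadline = 5000, .pi_se = &donor };
    struct sched_dl_entity task  = { .deadline = 1000, .pi_se = &donor };
    return enqueue_dl_entity_model(&task, ENQUEUE_RESTORE, 2000, fixed);
}

int restore_plain(bool fixed)
{
    struct sched_dl_entity task = { .deadline = 1000, .pi_se = &task };
    return enqueue_dl_entity_model(&task, ENQUEUE_RESTORE, 2000, fixed);
}
```

Before the fix the boosted restore reaches setup_new_dl_entity() (return 2, the WARN_ON case); after it the call is skipped (0), while an unboosted task is still refreshed (1) either way.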
Conclusion
This article has provided an in-depth look at the vulnerability CVE-2024-56583 in the Linux kernel, specifically the sched/deadline warning raised for boosted tasks. The fix, a single check that keeps setup_new_dl_entity from being called for a boosted task on the ENQUEUE_RESTORE path, has been explained along with the relevant code.
Here are some relevant references related to the issue and its fix:
1. Linux kernel source code
2. stress-ng tool
3. Linux Kernel Mailing List (LKML) patch discussion
By applying the suggested fix, the warning can be resolved, preventing any potential exploits related to boosted tasks and improving overall Linux kernel stability.
Timeline
Published on: 12/27/2024 15:15:17 UTC
Last modified on: 01/20/2025 06:23:32 UTC