Recently, a critical vulnerability was discovered in the Linux kernel affecting the LoongArch architecture. The vulnerability was related to sleeping in atomic context, specifically in the setup_tlb_handler() function. Fortunately, this vulnerability has now been resolved, and it is important to understand the issue, the solution, and how to protect your systems.
LoongArch: Fix sleeping in atomic context for PREEMPT_RT
The Linux kernel commit bab1c299f3945ffe79 changed the gfp flag passed to alloc_pages_node() from GFP_KERNEL to GFP_ATOMIC. However, on PREEMPT_RT kernels, this change could still lead to a "sleeping in atomic context" error:
[    0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[    0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
[    0.372468] RCU nest depth: 1, expected: 1
[    0.372270] 3 locks held by swapper/1/0:
[    0.372274]  #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60
[...]
[    0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c
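This error occurs because, in PREEMPT_RT kernels, normal spinlocks are replaced by rt spinlocks, and rt_spin_lock() can sleep. GFP_ATOMIC only stops the allocator from sleeping of its own accord; the allocation still takes &pcp->lock in get_page_from_freelist(), as the trace shows, and on PREEMPT_RT that lock is a sleeping lock. The vulnerability has now been fixed by disabling NUMA optimization completely for PREEMPT_RT kernels.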
Importance of the Fix and Next Steps
The fix is crucial to maintaining the stability and security of systems running PREEMPT_RT kernels on the LoongArch architecture. It is recommended to update your Linux kernel with the latest patches that include this fix to avoid any potential exploitation of this vulnerability.
To protect your systems, you should always keep them updated, review Linux kernel commit logs, and monitor announcements of new CVEs or exploits. Staying proactive and informed can provide you with the best defense against vulnerabilities and exploits like CVE-2024-56585.
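As an added example (not code from the kernel or from the original advisory), the shell helpers below triage a host for the condition described above: LoongArch machine type, a PREEMPT_RT build, and the trace signature in the kernel log. The function names are hypothetical, the sample log is constructed from the trace quoted on this page, and the script assumes `uname -m` starts with `loongarch` and that RT builds advertise `PREEMPT_RT` in `uname -v`.

```shell
#!/bin/sh
# Added example: triage helpers (hypothetical names), not kernel or vendor code.

# is_loongarch MACHINE: succeeds when `uname -m` output names a LoongArch CPU.
is_loongarch() { case "$1" in loongarch*) return 0 ;; *) return 1 ;; esac; }

# is_preempt_rt VERSION: succeeds when `uname -v` output advertises PREEMPT_RT.
is_preempt_rt() { case "$1" in *PREEMPT_RT*) return 0 ;; *) return 1 ;; esac; }

# count_rt_pcp_splats LOGFILE: prints how many "sleeping function" reports
# raised from spinlock_rt.c list pcp->lock taken in get_page_from_freelist
# within the next 12 log lines (the signature in the trace above).
count_rt_pcp_splats() {
    awk '
        /BUG: sleeping function called from invalid context at kernel\/locking\/spinlock_rt\.c/ {
            window = 12; next
        }
        window > 0 {
            window--
            if (/&pcp->lock/ && /get_page_from_freelist/) { hits++; window = 0 }
        }
        END { print hits + 0 }
    ' "$1"
}

# triage MACHINE VERSION LOGFILE: prints one verdict word.
triage() {
    is_loongarch "$1" || { echo "not-applicable"; return 0; }
    is_preempt_rt "$2" || { echo "not-rt"; return 0; }
    n=$(count_rt_pcp_splats "$3")
    if [ "$n" -gt 0 ]; then echo "rt-splat-seen:$n"; else echo "rt-no-splat"; fi
}

# Constructed sample, modelled on the trace quoted on this page.
sample_log() {
    cat <<'EOF'
[    0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[    0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
[    0.372270] 3 locks held by swapper/1/0:
[    0.372274]  #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60
EOF
}

# Offline demo; on a live host pass "$(uname -m)", "$(uname -v)" and a file
# holding `dmesg` output instead.
tmp=$(mktemp) && sample_log > "$tmp"
triage loongarch64 "#1 SMP PREEMPT_RT (constructed)" "$tmp"   # rt-splat-seen:1
rm -f "$tmp"
```

A verdict of `rt-no-splat` only means the signature is absent from the log that was supplied; whether the running kernel carries the fix still has to be confirmed against the distribution's changelog.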
Timeline
Published on: 12/27/2024 15:15:17 UTC
Last modified on: 01/20/2025 06:23:34 UTC