A recently resolved vulnerability in the Linux kernel highlights the importance of always staying up-to-date with the latest security patches and updates. The vulnerability, labeled CVE-2024-56701, specifically affects the powerpc/pseries architecture of the Linux kernel.
The vulnerability involves dtl_access_lock. The code calls kmalloc() while holding this lock, and kmalloc() can sleep, so the lock itself has to be a sleeping lock. The fix changes dtl_access_lock into a rw_semaphore, which is one. Before the fix, writing to /proc/powerpc/vcpudispatch_stats produced the following kernel report:
# echo 1 > /proc/powerpc/vcpudispatch_stats
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337
in_atomic(): 1, irqs_disabled(): , non_block: , pid: 199, name: sh
preempt_count: 1, expected:
3 locks held by sh/199:
#: c00000000a0743f8 (sb_writers#3){.+.+}-{:}, at: vfs_write+x324/x438
#1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+xd4/x5f4
#2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+x220/x5f4
CPU: PID: 199 Comm: sh Not tainted 6.10.-rc4 #152
Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) x4e1202 xf000005 of:SLOF,HEAD hv:linux,kvm pSeries
Call Trace:
dump_stack_lvl+x130/x148 (unreliable)
__might_resched+x174/x410
kmem_cache_alloc_noprof+x340/x3d
alloc_dtl_buffers+x124/x1ac
vcpudispatch_stats_write+x2a8/x5f4
proc_reg_write+xf4/x150
vfs_write+xfc/x438
ksys_write+x88/x148
system_call_exception+x1c4/x5a
system_call_common+xf4/x258
This bug could cause unexpected behavior or instability in the Linux kernel, so it is important to address it on affected systems. Consider the following steps:
1. Update your Linux kernel to the latest version that includes a fix for CVE-2024-56701. More information about the patch, including a detailed discussion and the associated code changes, can be found in the Linux git commit.
2. If you are unable to update your kernel immediately but want to mitigate the risk, consider reviewing and implementing changes to the affected code to change dtl_access_lock to a rw_semaphore. This will help ensure that the issue does not impact your system.
3. Always follow best practices for patch management and security updates in your environment. This includes regularly reviewing published advisories, such as those from the National Vulnerability Database (NVD) and Linux Kernel Mailing List (LKML), to stay informed about the latest security risks and available fixes.
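To check collected kernel logs for this report, the following added example (not code from the kernel or from the original advisory) parses "sleeping function called from invalid context" reports and flags those where dtl_access_lock is held and alloc_dtl_buffers appears in the call trace, as in the trace above. The function names, the matching heuristic and the sample log are assumptions made for illustration; the sample is constructed, with made-up addresses and offsets.

```python
import re

BUG_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
LOCK_RE = re.compile(r"#\d*: \S+ \(([^)]+)\)\{")  # "#2: <addr> (lock_name){..."
FRAME_RE = re.compile(r"^\s*(?:\[[^\]]*\]\s*)*([A-Za-z_][\w.]*)\+0?x[0-9a-f]+/0?x[0-9a-f]+")

def parse_reports(lines):
    """Return one dict per report: where it fired, locks held, call-trace symbols."""
    reports, cur, in_trace = [], None, False
    for line in lines:
        bug = BUG_RE.search(line)
        if bug:
            cur = {"site": bug.group(1), "locks": [], "trace": []}
            reports.append(cur)
            in_trace = False
        elif cur is None:
            continue
        elif "Call Trace:" in line:
            in_trace = True
        elif in_trace:
            frame = FRAME_RE.match(line)
            if frame:
                cur["trace"].append(frame.group(1))
            else:  # first non-frame line ends this report
                cur, in_trace = None, False
        else:
            cur["locks"] += LOCK_RE.findall(line)
    return reports

def is_dtl_report(report):
    """Heuristic (assumption): dtl_access_lock held while alloc_dtl_buffers allocates."""
    return "dtl_access_lock" in report["locks"] and "alloc_dtl_buffers" in report["trace"]

# Constructed sample log (addresses and offsets are made up), modelled on the trace above.
SAMPLE = """\
[  10.1] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337
[  10.1]  #0: c000000000001000 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0x10/0x40
[  10.1]  #1: c000000000002000 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x20/0x40
[  10.1] Call Trace:
[  10.1] alloc_dtl_buffers+0x10/0x40
[  10.1] vcpudispatch_stats_write+0x30/0x40
[  10.2] eth0: link up
[  11.0] BUG: sleeping function called from invalid context at mm/demo.c:1
[  11.0]  #0: c000000000003000 (demo_lock){+.+.}-{2:2}, at: demo_write+0x10/0x40
[  11.0] Call Trace:
[  11.0] demo_alloc+0x10/0x40
""".splitlines()

for r in parse_reports(SAMPLE):
    print(r["site"], r["locks"], "dtl_access_lock report" if is_dtl_report(r) else "other")
```

A match shows only that the report was logged on that host; whether the running kernel carries the fix still has to be confirmed against the distribution's advisory.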
In summary, CVE-2024-56701 is a fixed vulnerability in the Linux kernel affecting the powerpc/pseries architecture. The issue involves the dtl_access_lock being held while calling kmalloc(), which can sleep. To fix the vulnerability, the dtl_access_lock needs to be changed into a rw_semaphore. Always stay up-to-date with the latest security patches and updates to protect your systems from vulnerabilities like this.
Timeline
Published on: 12/28/2024 10:15:17 UTC
Last modified on: 01/20/2025 06:26:29 UTC