cve/published/2024/CVE-2024-56583.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-56583: sched/deadline: Fix warning in migrate_enable for boosted tasks

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 sched/deadline: Fix warning in migrate_enable for boosted tasks

 When running the following command:

 while true; do
     stress-ng --cyclic 30 --timeout 30s --minimize --quiet
 done

 a warning is eventually triggered:

 WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794
 setup_new_dl_entity+0x13e/0x180
 ...
 Call Trace:
  <TASK>
  ? show_trace_log_lvl+0x1c4/0x2df
  ? enqueue_dl_entity+0x631/0x6e0
  ? setup_new_dl_entity+0x13e/0x180
  ? __warn+0x7e/0xd0
  ? report_bug+0x11a/0x1a0
  ? handle_bug+0x3c/0x70
  ? exc_invalid_op+0x14/0x70
  ? asm_exc_invalid_op+0x16/0x20
  enqueue_dl_entity+0x631/0x6e0
  enqueue_task_dl+0x7d/0x120
  __do_set_cpus_allowed+0xe3/0x280
  __set_cpus_allowed_ptr_locked+0x140/0x1d0
  __set_cpus_allowed_ptr+0x54/0xa0
  migrate_enable+0x7e/0x150
  rt_spin_unlock+0x1c/0x90
  group_send_sig_info+0xf7/0x1a0
  ? kill_pid_info+0x1f/0x1d0
  kill_pid_info+0x78/0x1d0
  kill_proc_info+0x5b/0x110
  __x64_sys_kill+0x93/0xc0
  do_syscall_64+0x5c/0xf0
  entry_SYSCALL_64_after_hwframe+0x6e/0x76
  RIP: 0033:0x7f0dab31f92b

 This warning occurs because set_cpus_allowed dequeues and enqueues tasks
 with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning
 is triggered. A boosted task already had its parameters set by
 rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,
 hence the WARN_ON call.

 Check if we are requeueing a boosted task and avoid calling
 setup_new_dl_entity if that's the case.

 The Linux kernel CVE team has assigned CVE-2024-56583 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.15 with commit 295d6d5e373607729bcc8182c25afe964655714f and fixed in 6.6.66 with commit b600d30402854415aa57548a6b53dc6478f65517
 	Issue introduced in 4.15 with commit 295d6d5e373607729bcc8182c25afe964655714f and fixed in 6.12.5 with commit e41074904d9ed3fe582d6e544c77b40c22043c82
 	Issue introduced in 4.15 with commit 295d6d5e373607729bcc8182c25afe964655714f and fixed in 6.13 with commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638
 	Issue introduced in 4.14.70 with commit fd8cb2e71cdd8e814cbdadddd0d0e6e3d49eaa2c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-56583
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	kernel/sched/deadline.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b600d30402854415aa57548a6b53dc6478f65517
 	https://git.kernel.org/stable/c/e41074904d9ed3fe582d6e544c77b40c22043c82
 	https://git.kernel.org/stable/c/0664e2c311b9fa43b33e3e81429cd0c2d7f9c638
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-56583: sched/deadline: Fix warning in migrate_enable for boosted tasks

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	sched/deadline: Fix warning in migrate_enable for boosted tasks

	When running the following command:

	while true; do
	stress-ng --cyclic 30 --timeout 30s --minimize --quiet
	done

	a warning is eventually triggered:

	WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794
	setup_new_dl_entity+0x13e/0x180
	...
	Call Trace:
	<TASK>
	? show_trace_log_lvl+0x1c4/0x2df
	? enqueue_dl_entity+0x631/0x6e0
	? setup_new_dl_entity+0x13e/0x180
	? __warn+0x7e/0xd0
	? report_bug+0x11a/0x1a0
	? handle_bug+0x3c/0x70
	? exc_invalid_op+0x14/0x70
	? asm_exc_invalid_op+0x16/0x20
	enqueue_dl_entity+0x631/0x6e0
	enqueue_task_dl+0x7d/0x120
	__do_set_cpus_allowed+0xe3/0x280
	__set_cpus_allowed_ptr_locked+0x140/0x1d0
	__set_cpus_allowed_ptr+0x54/0xa0
	migrate_enable+0x7e/0x150
	rt_spin_unlock+0x1c/0x90
	group_send_sig_info+0xf7/0x1a0
	? kill_pid_info+0x1f/0x1d0
	kill_pid_info+0x78/0x1d0
	kill_proc_info+0x5b/0x110
	__x64_sys_kill+0x93/0xc0
	do_syscall_64+0x5c/0xf0
	entry_SYSCALL_64_after_hwframe+0x6e/0x76
	RIP: 0033:0x7f0dab31f92b

	This warning occurs because set_cpus_allowed dequeues and enqueues tasks
	with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning
	is triggered. A boosted task already had its parameters set by
	rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,
	hence the WARN_ON call.

	Check if we are requeueing a boosted task and avoid calling
	setup_new_dl_entity if that's the case.

	The Linux kernel CVE team has assigned CVE-2024-56583 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.15 with commit 295d6d5e373607729bcc8182c25afe964655714f and fixed in 6.6.66 with commit b600d30402854415aa57548a6b53dc6478f65517
	Issue introduced in 4.15 with commit 295d6d5e373607729bcc8182c25afe964655714f and fixed in 6.12.5 with commit e41074904d9ed3fe582d6e544c77b40c22043c82
	Issue introduced in 4.15 with commit 295d6d5e373607729bcc8182c25afe964655714f and fixed in 6.13 with commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638
	Issue introduced in 4.14.70 with commit fd8cb2e71cdd8e814cbdadddd0d0e6e3d49eaa2c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-56583
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	kernel/sched/deadline.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b600d30402854415aa57548a6b53dc6478f65517
	https://git.kernel.org/stable/c/e41074904d9ed3fe582d6e544c77b40c22043c82
	https://git.kernel.org/stable/c/0664e2c311b9fa43b33e3e81429cd0c2d7f9c638