cve/published/2024/CVE-2024-26783.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26783: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index

 With numa balancing on, when a numa system is running where a numa node
 doesn't have its local memory so it has no managed zones, the following
 oops has been observed.  It's because wakeup_kswapd() is called with a
 wrong zone index, -1.  Fixed it by checking the index before calling
 wakeup_kswapd().

 > BUG: unable to handle page fault for address: 00000000000033f3
 > #PF: supervisor read access in kernel mode
 > #PF: error_code(0x0000) - not-present page
 > PGD 0 P4D 0
 > Oops: 0000 [#1] PREEMPT SMP NOPTI
 > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255
 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
 >    rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812)
 > Code: (omitted)
 > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286
 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003
 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480
 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff
 > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003
 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940
 > FS:  00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000
 > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0
 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 > PKRU: 55555554
 > Call Trace:
 >  <TASK>
 > ? __die
 > ? page_fault_oops
 > ? __pte_offset_map_lock
 > ? exc_page_fault
 > ? asm_exc_page_fault
 > ? wakeup_kswapd
 > migrate_misplaced_page
 > __handle_mm_fault
 > handle_mm_fault
 > do_user_addr_fault
 > exc_page_fault
 > asm_exc_page_fault
 > RIP: 0033:0x55b897ba0808
 > Code: (omitted)
 > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287
 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0
 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0
 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075
 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000
 >  </TASK>

 The Linux kernel CVE team has assigned CVE-2024-26783 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.1.140 with commit e5ec1c24e71dbf144677a975d6ba91043c2193db
 	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.6.22 with commit d6159bd4c00594249e305bfe02304c67c506264e
 	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.7.9 with commit bdd21eed8b72f9e28d6c279f6db258e090c79080
 	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.8 with commit 2774f256e7c0219e2b0a0894af1c76bdabc4f974

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26783
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	mm/migrate.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e5ec1c24e71dbf144677a975d6ba91043c2193db
 	https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e
 	https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080
 	https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26783: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index

	With numa balancing on, when a numa system is running where a numa node
	doesn't have its local memory so it has no managed zones, the following
	oops has been observed. It's because wakeup_kswapd() is called with a
	wrong zone index, -1. Fixed it by checking the index before calling
	wakeup_kswapd().

	> BUG: unable to handle page fault for address: 00000000000033f3
	> #PF: supervisor read access in kernel mode
	> #PF: error_code(0x0000) - not-present page
	> PGD 0 P4D 0
	> Oops: 0000 [#1] PREEMPT SMP NOPTI
	> CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255
	> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
	> rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
	> RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812)
	> Code: (omitted)
	> RSP: 0000:ffffc90004257d58 EFLAGS: 00010286
	> RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003
	> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480
	> RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff
	> R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003
	> R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940
	> FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000
	> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
	> CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0
	> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
	> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
	> PKRU: 55555554
	> Call Trace:
	> <TASK>
	> ? __die
	> ? page_fault_oops
	> ? __pte_offset_map_lock
	> ? exc_page_fault
	> ? asm_exc_page_fault
	> ? wakeup_kswapd
	> migrate_misplaced_page
	> __handle_mm_fault
	> handle_mm_fault
	> do_user_addr_fault
	> exc_page_fault
	> asm_exc_page_fault
	> RIP: 0033:0x55b897ba0808
	> Code: (omitted)
	> RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287
	> RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0
	> RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0
	> RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075
	> R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
	> R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000
	> </TASK>

	The Linux kernel CVE team has assigned CVE-2024-26783 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.1.140 with commit e5ec1c24e71dbf144677a975d6ba91043c2193db
	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.6.22 with commit d6159bd4c00594249e305bfe02304c67c506264e
	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.7.9 with commit bdd21eed8b72f9e28d6c279f6db258e090c79080
	Issue introduced in 5.18 with commit c574bbe917036c8968b984c82c7b13194fe5ce98 and fixed in 6.8 with commit 2774f256e7c0219e2b0a0894af1c76bdabc4f974

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26783
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	mm/migrate.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e5ec1c24e71dbf144677a975d6ba91043c2193db
	https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e
	https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080
	https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974