| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false. \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: \"DMA32\"\n SIZE: 20480 MIN/LOW/HIGH: 11/28/45\n VM_STAT:\n NR_FREE_PAGES: 359\n NR_ZONE_INACTIVE_ANON: 18813\n NR_ZONE_ACTIVE_ANON: 0\n NR_ZONE_INACTIVE_FILE: 50\n NR_ZONE_ACTIVE_FILE: 0\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\n NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: \"Normal\"\n SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264\n VM_STAT:\n NR_FREE_PAGES: 146\n NR_ZONE_INACTIVE_ANON: 94668\n NR_ZONE_ACTIVE_ANON: 3\n NR_ZONE_INACTIVE_FILE: 735\n NR_ZONE_ACTIVE_FILE: 78\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero. \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n crash> p nr_swap_pages\n nr_swap_pages = $1937 = {\n counter = 0\n }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat->kswapd_failures hasn't been incremented.\n\n crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures\n $1935 = 0x0\n\nThis is because the node deemed balanced. The node balancing logic in\nbalance_pgdat() evaluates all zones collectively. If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced. This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages). This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable. By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL. This issue arises from\nzone_reclaimable_pages\n---truncated---" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "mm/vmscan.c" |
| ], |
| "versions": [ |
| { |
| "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", |
| "lessThan": "66cd37660ec34ec444fe42f2277330ae4a36bb19", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", |
| "lessThan": "d675fefbaec3815b3ae0af1bebd97f27df3a05c8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", |
| "lessThan": "63eac98d6f0898229f515cb62fe4e4db2430e99c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", |
| "lessThan": "bfb701192129803191c9cd6cdd1f82cd07f8de2c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", |
| "lessThan": "1ff2302e8aeac7f2eedb551d7a89617283b5c6b2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", |
| "lessThan": "58d0d02dbc67438fc80223fdd7bbc49cf0733284", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", |
| "lessThan": "6aaced5abd32e2a57cd94fd64f824514d0361da8", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "mm/vmscan.c" |
| ], |
| "versions": [ |
| { |
| "version": "4.8", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "4.8", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.289", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.233", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.176", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.124", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.70", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.9", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.8", |
| "versionEndExcluding": "5.4.289" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.8", |
| "versionEndExcluding": "5.10.233" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.8", |
| "versionEndExcluding": "5.15.176" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.8", |
| "versionEndExcluding": "6.1.124" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.8", |
| "versionEndExcluding": "6.6.70" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.8", |
| "versionEndExcluding": "6.12.9" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.8", |
| "versionEndExcluding": "6.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8" |
| } |
| ], |
| "title": "mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-57884", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
