CVE-2024-58057 (GCVE-0-2024-58057)
Vulnerability from cvelistv5
Published
2025-03-06 15:54
Modified
2025-05-04 10:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: idpf: convert workqueues to unbound When a workqueue is created with `WQ_UNBOUND`, its work items are served by special worker-pools, whose host workers are not bound to any specific CPU. In the default configuration (i.e. when `queue_delayed_work` and friends do not specify which CPU to run the work item on), `WQ_UNBOUND` allows the work item to be executed on any CPU in the same node of the CPU it was enqueued on. While this solution potentially sacrifices locality, it avoids contention with other processes that might dominate the CPU time of the processor the work item was scheduled on. This is not just a theoretical problem: in a particular scenario misconfigured process was hogging most of the time from CPU0, leaving less than 0.5% of its CPU time to the kworker. The IDPF workqueues that were using the kworker on CPU0 suffered large completion delays as a result, causing performance degradation, timeouts and eventual system crash. * I have also run a manual test to gauge the performance improvement. The test consists of an antagonist process (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This process is run under `taskset 01` to bind it to CPU0, and its priority is changed with `chrt -pQ 9900 10000 ${pid}` and `renice -n -20 ${pid}` after start. Then, the IDPF driver is forced to prefer CPU0 by editing all calls to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0. Finally, `ktraces` for the workqueue events are collected. Without the current patch, the antagonist process can force arbitrary delays between `workqueue_queue_work` and `workqueue_execute_start`, that in my tests were as high as `30ms`. With the current patch applied, the workqueue can be migrated to another unloaded CPU in the same node, and, keeping everything else equal, the maximum delay I could see was `6us`.
References
Impacted products
Vendor Product Version
Linux Linux Version: 0fe45467a1041ea3657a7fa3a791c84c104fbd34
Version: 0fe45467a1041ea3657a7fa3a791c84c104fbd34
Version: 0fe45467a1041ea3657a7fa3a791c84c104fbd34
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/idpf/idpf_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "66bf9b3d9e1658333741f075320dc8e7cd6f8d09",
              "status": "affected",
              "version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
              "versionType": "git"
            },
            {
              "lessThan": "868202ec3854e13de1164e4a3e25521194c5af72",
              "status": "affected",
              "version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
              "versionType": "git"
            },
            {
              "lessThan": "9a5b021cb8186f1854bac2812bd4f396bb1e881c",
              "status": "affected",
              "version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/idpf/idpf_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n  improvement. The test consists of an antagonist process\n  (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n  process is run under `taskset 01` to bind it to CPU0, and its\n  priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n  `renice -n -20 ${pid}` after start.\n\n  Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n  to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n  Finally, `ktraces` for the workqueue events are collected.\n\n  Without the current patch, the antagonist process can force\n  arbitrary delays between `workqueue_queue_work` and\n  `workqueue_execute_start`, that in my tests were as high as\n  `30ms`. With the current patch applied, the workqueue can be\n  migrated to another unloaded CPU in the same node, and, keeping\n  everything else equal, the maximum delay I could see was `6us`."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:08:53.250Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/66bf9b3d9e1658333741f075320dc8e7cd6f8d09"
        },
        {
          "url": "https://git.kernel.org/stable/c/868202ec3854e13de1164e4a3e25521194c5af72"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a5b021cb8186f1854bac2812bd4f396bb1e881c"
        }
      ],
      "title": "idpf: convert workqueues to unbound",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-58057",
    "datePublished": "2025-03-06T15:54:00.345Z",
    "dateReserved": "2025-03-06T15:52:09.179Z",
    "dateUpdated": "2025-05-04T10:08:53.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-58057\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-06T16:15:51.940\",\"lastModified\":\"2025-03-06T16:15:51.940\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nidpf: convert workqueues to unbound\\n\\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\\nserved by special worker-pools, whose host workers are not bound to\\nany specific CPU. In the default configuration (i.e. when\\n`queue_delayed_work` and friends do not specify which CPU to run the\\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\\nCPU in the same node of the CPU it was enqueued on. While this\\nsolution potentially sacrifices locality, it avoids contention with\\nother processes that might dominate the CPU time of the processor the\\nwork item was scheduled on.\\n\\nThis is not just a theoretical problem: in a particular scenario\\nmisconfigured process was hogging most of the time from CPU0, leaving\\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\\nthat were using the kworker on CPU0 suffered large completion delays\\nas a result, causing performance degradation, timeouts and eventual\\nsystem crash.\\n\\n\\n* I have also run a manual test to gauge the performance\\n  improvement. The test consists of an antagonist process\\n  (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\\n  process is run under `taskset 01` to bind it to CPU0, and its\\n  priority is changed with `chrt -pQ 9900 10000 ${pid}` and\\n  `renice -n -20 ${pid}` after start.\\n\\n  Then, the IDPF driver is forced to prefer CPU0 by editing all calls\\n  to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\\n\\n  Finally, `ktraces` for the workqueue events are collected.\\n\\n  Without the current patch, the antagonist process can force\\n  arbitrary delays between `workqueue_queue_work` and\\n  `workqueue_execute_start`, that in my tests were as high as\\n  `30ms`. With the current patch applied, the workqueue can be\\n  migrated to another unloaded CPU in the same node, and, keeping\\n  everything else equal, the maximum delay I could see was `6us`.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/66bf9b3d9e1658333741f075320dc8e7cd6f8d09\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/868202ec3854e13de1164e4a3e25521194c5af72\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9a5b021cb8186f1854bac2812bd4f396bb1e881c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.