ghsa-9qq6-2qhr-4mv7
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim.
Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can.
This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets:
kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC),
nodemask=(null),cpuset=/,mems_allowed=0-7
CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1
Hardware name: MACHINE
Call Trace:
[mfleming@cloudflare.com: update comment] Link: https://lkml.kernel.org/r/20241015125158.3597702-1-matt@readmodwrite.com
{ "affected": [], "aliases": [ "CVE-2024-50219" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-11-09T11:15:07Z", "severity": null }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves\n\nUnder memory pressure it\u0027s possible for GFP_ATOMIC order-0 allocations to\nfail even though free pages are available in the highatomic reserves. \nGFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock()\nsince it\u0027s only run from reclaim.\n\nGiven that such allocations will pass the watermarks in\n__zone_watermark_unusable_free(), it makes sense to fallback to highatomic\nreserves the same way that ALLOC_OOM can.\n\nThis fixes order-0 page allocation failures observed on Cloudflare\u0027s fleet\nwhen handling network packets:\n\n kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC),\n nodemask=(null),cpuset=/,mems_allowed=0-7\n CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1\n Hardware name: MACHINE\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x3c/0x50\n warn_alloc+0x13a/0x1c0\n __alloc_pages_slowpath.constprop.0+0xc9d/0xd10\n __alloc_pages+0x327/0x340\n __napi_alloc_skb+0x16d/0x1f0\n bnxt_rx_page_skb+0x96/0x1b0 [bnxt_en]\n bnxt_rx_pkt+0x201/0x15e0 [bnxt_en]\n __bnxt_poll_work+0x156/0x2b0 [bnxt_en]\n bnxt_poll+0xd9/0x1c0 [bnxt_en]\n __napi_poll+0x2b/0x1b0\n bpf_trampoline_6442524138+0x7d/0x1000\n __napi_poll+0x5/0x1b0\n net_rx_action+0x342/0x740\n handle_softirqs+0xcf/0x2b0\n irq_exit_rcu+0x6c/0x90\n sysvec_apic_timer_interrupt+0x72/0x90\n \u003c/IRQ\u003e\n\n[mfleming@cloudflare.com: update comment]\n Link: https://lkml.kernel.org/r/20241015125158.3597702-1-matt@readmodwrite.com", "id": "GHSA-9qq6-2qhr-4mv7", "modified": "2024-11-09T12:30:48Z", "published": "2024-11-09T12:30:47Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50219" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/189b954469cf82f8b8cf496f8de94b006d2d4746" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/281dd25c1a018261a04d1b8bf41a0674000bfe38" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/4c4e238d3adad3c94bb255d0f117d3685bbfdd33" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/b958948ae1cb3e39c48e9f805436fd652103c71e" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/d0fdacfb85a3e1223b894cc6e60091ec91049e9e" } ], "schema_version": "1.4.0", "severity": [] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.