ghsa-9qq6-2qhr-4mv7
Vulnerability from github
Published
2024-11-09 12:30
Modified
2024-11-09 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves

Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim.

Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can.

This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets:

kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1 Hardware name: MACHINE Call Trace: dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slowpath.constprop.0+0xc9d/0xd10 __alloc_pages+0x327/0x340 __napi_alloc_skb+0x16d/0x1f0 bnxt_rx_page_skb+0x96/0x1b0 [bnxt_en] bnxt_rx_pkt+0x201/0x15e0 [bnxt_en] __bnxt_poll_work+0x156/0x2b0 [bnxt_en] bnxt_poll+0xd9/0x1c0 [bnxt_en] __napi_poll+0x2b/0x1b0 bpf_trampoline_6442524138+0x7d/0x1000 __napi_poll+0x5/0x1b0 net_rx_action+0x342/0x740 handle_softirqs+0xcf/0x2b0 irq_exit_rcu+0x6c/0x90 sysvec_apic_timer_interrupt+0x72/0x90

[mfleming@cloudflare.com: update comment] Link: https://lkml.kernel.org/r/20241015125158.3597702-1-matt@readmodwrite.com

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2024-50219"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-09T11:15:07Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves\n\nUnder memory pressure it\u0027s possible for GFP_ATOMIC order-0 allocations to\nfail even though free pages are available in the highatomic reserves. \nGFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock()\nsince it\u0027s only run from reclaim.\n\nGiven that such allocations will pass the watermarks in\n__zone_watermark_unusable_free(), it makes sense to fallback to highatomic\nreserves the same way that ALLOC_OOM can.\n\nThis fixes order-0 page allocation failures observed on Cloudflare\u0027s fleet\nwhen handling network packets:\n\n  kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC),\n  nodemask=(null),cpuset=/,mems_allowed=0-7\n  CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G           O 6.6.43-CUSTOM #1\n  Hardware name: MACHINE\n  Call Trace:\n   \u003cIRQ\u003e\n   dump_stack_lvl+0x3c/0x50\n   warn_alloc+0x13a/0x1c0\n   __alloc_pages_slowpath.constprop.0+0xc9d/0xd10\n   __alloc_pages+0x327/0x340\n   __napi_alloc_skb+0x16d/0x1f0\n   bnxt_rx_page_skb+0x96/0x1b0 [bnxt_en]\n   bnxt_rx_pkt+0x201/0x15e0 [bnxt_en]\n   __bnxt_poll_work+0x156/0x2b0 [bnxt_en]\n   bnxt_poll+0xd9/0x1c0 [bnxt_en]\n   __napi_poll+0x2b/0x1b0\n   bpf_trampoline_6442524138+0x7d/0x1000\n   __napi_poll+0x5/0x1b0\n   net_rx_action+0x342/0x740\n   handle_softirqs+0xcf/0x2b0\n   irq_exit_rcu+0x6c/0x90\n   sysvec_apic_timer_interrupt+0x72/0x90\n   \u003c/IRQ\u003e\n\n[mfleming@cloudflare.com: update comment]\n  Link: https://lkml.kernel.org/r/20241015125158.3597702-1-matt@readmodwrite.com",
  "id": "GHSA-9qq6-2qhr-4mv7",
  "modified": "2024-11-09T12:30:48Z",
  "published": "2024-11-09T12:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50219"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/189b954469cf82f8b8cf496f8de94b006d2d4746"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/281dd25c1a018261a04d1b8bf41a0674000bfe38"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c4e238d3adad3c94bb255d0f117d3685bbfdd33"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b958948ae1cb3e39c48e9f805436fd652103c71e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0fdacfb85a3e1223b894cc6e60091ec91049e9e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.