CVE-2021-47454
powerpc/smp: do not decrement idle task preempt count in CPU offline
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
powerpc/smp: do not decrement idle task preempt count in CPU offline
With PREEMPT_COUNT=y, when a CPU is offlined and then onlined again, we
get:
BUG: scheduling while atomic: swapper/1/0/0x00000000
no locks held by swapper/1/0.
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.0-rc2+ #100
Call Trace:
dump_stack_lvl+0xac/0x108
__schedule_bug+0xac/0xe0
__schedule+0xcf8/0x10d0
schedule_idle+0x3c/0x70
do_idle+0x2d8/0x4a0
cpu_startup_entry+0x38/0x40
start_secondary+0x2ec/0x3a0
start_secondary_prolog+0x10/0x14
This is because powerpc's arch_cpu_idle_dead() decrements the idle task's
preempt count, for reasons explained in commit a7c2bb8279d2 ("powerpc:
Re-enable preemption before cpu_die()"), specifically "start_secondary()
expects a preempt_count() of 0."
However, since commit 2c669ef6979c ("powerpc/preempt: Don't touch the idle
task's preempt_count during hotplug") and commit f1a0a376ca0c ("sched/core:
Initialize the idle task with preemption disabled"), that justification no
longer holds.
The idle task isn't supposed to re-enable preemption, so remove the
vestigial preempt_enable() from the CPU offline path.
Tested with pseries and powernv in qemu, and pseries on PowerVM.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/smp: no disminuye el recuento de prioridad de tareas inactivas en la CPU fuera de línea Con PREEMPT_COUNT=y, cuando una CPU está fuera de línea y luego vuelve a estar en línea, obtenemos: ERROR: programación mientras es atómica: swapper/1/0/0x00000000 no hay bloqueos retenidos por swapper/1/0. CPU: 1 PID: 0 Comunicaciones: swapper/1 No contaminado 5.15.0-rc2+ #100 Seguimiento de llamadas: dump_stack_lvl+0xac/0x108 __schedule_bug+0xac/0xe0 __schedule+0xcf8/0x10d0 Schedule_idle+0x3c/0x70 do_idle+0x2d8/0x4a0 entrada_arriba+ 0x38/0x40 start_secondary+0x2ec/0x3a0 start_secondary_prolog+0x10/0x14 Esto se debe a que arch_cpu_idle_dead() de powerpc disminuye el recuento de apropiación de tareas inactivas, por razones explicadas en el commit a7c2bb8279d2 ("powerpc: volver a habilitar la apropiación antes de cpu_die()"), específicamente " start_secondary() espera un preempt_count() de 0." Sin embargo, desde el commit 2c669ef6979c ("powerpc/preempt: no toque el preempt_count de la tarea inactiva durante la conexión en caliente") y el commit f1a0a376ca0c ("sched/core: inicialice la tarea inactiva con la preferencia deshabilitada"), esa justificación ya no se cumple. No se supone que la tarea inactiva vuelva a habilitar la preferencia, por lo tanto, elimine el preempt_enable() residual de la ruta fuera de línea de la CPU. Probado con pseries y powernv en qemu y pseries en PowerVM.
A vulnerability was found in the Linux kernel's powerpc/smp architecture, where the idle task's preemption count was incorrectly decremented during the CPU offline process. This issue caused a "scheduling while atomic" error when a CPU was offlined and then onlined again, leading to potential system instability.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-21 CVE Reserved
- 2024-05-22 CVE Published
- 2024-05-22 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/bdf4d33e8342b90386156204e1da0cdfdb4bf146 | Vuln. Introduced | |
https://git.kernel.org/stable/c/2c669ef6979c370f98d4b876e54f19613c81e075 | Vuln. Introduced | |
https://git.kernel.org/stable/c/2b6148ef2bd6d8ddc76e7873114f7769b6aa25f0 | Vuln. Introduced | |
https://git.kernel.org/stable/c/20a015e948b825afb47855de2efce7cae7c2608f | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2021-47454 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2282904 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.50 < 5.10.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.50 < 5.10.76" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.14 < 5.14.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.14.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.14 < 5.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.12.17 Search vendor "Linux" for product "Linux Kernel" and version "5.12.17" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.13.2 Search vendor "Linux" for product "Linux Kernel" and version "5.13.2" | en |
Affected
|