Fixed
Created: Jun 20, 2024
Updated: Jun 25, 2024
Resolved Date: Jun 24, 2024
Found In Version: 10.22.33.1
Fix Version: 10.22.33.17
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:mm/kmemleak: avoid scanning potential huge holesWhen using devm_request_free_mem_region() and devm_memremap_pages() toadd ZONE_DEVICE memory, if requested free mem region's end pfn werehuge(e.g., 0x400000000), the node_end_pfn() will be also huge (seemove_pfn_range_to_zone()). Thus it creates a huge hole betweennode_start_pfn() and node_end_pfn().We found on some AMD APUs, amdkfd requested such a free mem region andcreated a huge hole. In such a case, following code snippet was justdoing busy test_bit() looping on the huge hole. for (pfn = start_pfn; pfn < end_pfn; pfn++) { struct page *page = pfn_to_online_page(pfn); if (!page) continue; ... }So we got a soft lockup: watchdog: BUG: soft lockup - CPU#6 stuck for 26s! bash:1221] CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1 RIP: 0010:pfn_to_online_page+0x5/0xd0 Call Trace: ? kmemleak_scan+0x16a/0x440 kmemleak_write+0x306/0x3a0 ? common_file_perm+0x72/0x170 full_proxy_write+0x5c/0x90 vfs_write+0xb9/0x260 ksys_write+0x67/0xe0 __x64_sys_write+0x1a/0x20 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xaeI did some tests with the patch.(1) amdgpu module unloadedbefore the patch: real 0m0.976s user 0m0.000s sys 0m0.968safter the patch: real 0m0.981s user 0m0.000s sys 0m0.973s(2) amdgpu module loadedbefore the patch: real 0m35.365s user 0m0.000s sys 0m35.354safter the patch: real 0m1.049s user 0m0.000s sys 0m1.042s
CREATE(Triage):(User=admin) [CVE-2022-48731 (https://nvd.nist.gov/vuln/detail/CVE-2022-48731)
