Wind River Support Network

HomeDefectsLIN1023-15410
Acknowledged

LIN1023-15410 : Security Advisory - linux - CVE-2025-39843

Created: Sep 21, 2025    Updated: Sep 24, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]mm: slub: avoid wake up kswapd in set_track_prepare[EOL][EOL]set_track_prepare() can incur lock recursion.[EOL]The issue is that it is called from hrtimer_start_range_ns[EOL]holding the per_cpu(hrtimer_bases)[n].lock, but when enabled[EOL]CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare,[EOL]and try to hold the per_cpu(hrtimer_bases)[n].lock.[EOL][EOL]Avoid deadlock caused by implicitly waking up kswapd by passing in[EOL]allocation flags, which do not contain __GFP_KSWAPD_RECLAIM in the[EOL]debug_objects_fill_pool() case. Inside stack depot they are processed by[EOL]gfp_nested_mask().[EOL]Since ___slab_alloc() has preemption disabled, we mask out[EOL]__GFP_DIRECT_RECLAIM from the flags there.[EOL][EOL]The oops looks something like:[EOL][EOL]BUG: spinlock recursion on CPU#3, swapper/3/0[EOL] lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3[EOL]Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT)[EOL]Call trace:[EOL]spin_bug+0x0[EOL]_raw_spin_lock_irqsave+0x80[EOL]hrtimer_try_to_cancel+0x94[EOL]task_contending+0x10c[EOL]enqueue_dl_entity+0x2a4[EOL]dl_server_start+0x74[EOL]enqueue_task_fair+0x568[EOL]enqueue_task+0xac[EOL]do_activate_task+0x14c[EOL]ttwu_do_activate+0xcc[EOL]try_to_wake_up+0x6c8[EOL]default_wake_function+0x20[EOL]autoremove_wake_function+0x1c[EOL]__wake_up+0xac[EOL]wakeup_kswapd+0x19c[EOL]wake_all_kswapds+0x78[EOL]__alloc_pages_slowpath+0x1ac[EOL]__alloc_pages_noprof+0x298[EOL]stack_depot_save_flags+0x6b0[EOL]stack_depot_save+0x14[EOL]set_track_prepare+0x5c[EOL]___slab_alloc+0xccc[EOL]__kmalloc_cache_noprof+0x470[EOL]__set_page_owner+0x2bc[EOL]post_alloc_hook[jt]+0x1b8[EOL]prep_new_page+0x28[EOL]get_page_from_freelist+0x1edc[EOL]__alloc_pages_noprof+0x13c[EOL]alloc_slab_page+0x244[EOL]allocate_slab+0x7c[EOL]___slab_alloc+0x8e8[EOL]kmem_cache_alloc_noprof+0x450[EOL]debug_objects_fill_pool+0x22c[EOL]debug_object_activate+0x40[EOL]enqueue_hrtimer[jt]+0xdc[EOL]hrtimer_start_range_ns+0x5f8[EOL]...
Live chat
Online