CVE-2022-48800

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48800
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48800.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48800
Related
Published
2024-07-16T12:15:04Z
Modified
2024-09-11T02:00:04Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

mm: vmscan: remove deadlock due to throttling failing to make progress

A soft lockup bug in kcompactd was reported in a private bugzilla with the following visible in dmesg;

watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompactd0:479] watchdog: BUG: soft lockup - CPU#33 stuck for 52s! [kcompactd0:479] watchdog: BUG: soft lockup - CPU#33 stuck for 78s! [kcompactd0:479] watchdog: BUG: soft lockup - CPU#33 stuck for 104s! [kcompactd0:479]

The machine had 256G of RAM with no swap and an earlier failed allocation indicated that node 0 where kcompactd was run was potentially unreclaimable;

Node 0 activeanon:29355112kB inactiveanon:2913528kB activefile:0kB inactivefile:0kB unevictable:64kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:26780kB shmemthp: 0kB shmempmdmapped: 0kB anonthp: 23480320kB writebacktmp:0kB kernelstack:2272kB pagetables:24500kB allunreclaimable? yes

Vlastimil Babka investigated a crash dump and found that a task migrating pages was trying to drain PCP lists;

PID: 52922 TASK: ffff969f820e5000 CPU: 19 COMMAND: "kworker/u128:3" Call Trace: _schedule schedule scheduletimeout waitforcompletion _flushwork _drainallpages _allocpagesslowpath.constprop.114 _allocpages allocmigrationtarget migratepages migratetonode domigratepages cpusetmigratemmworkfn processonework workerthread kthread retfrom_fork

This failure is specific to CONFIGPREEMPT=n builds. The root of the problem is that kcompact0 is not rescheduling on a CPU while a task that has isolated a large number of the pages from the LRU is waiting on kcompact0 to reschedule so the pages can be released. While shrinkinactivelist() only loops once around toomanyisolated, reclaim can continue without rescheduling if sc->skippeddeactivate == 1 which could happen if there was no file LRU and the inactive anon list was not low.

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}