In the Linux kernel, the following vulnerability has been resolved:
mm/swapfile: skip HugeTLB pages for unuse_vma
I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps:
run swapoff and we will get a bad pud error in kernel message:
mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7)
We can tell that pudclearbad is called by pudnoneorclearbad in unusepudrange() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it.
[ { "deprecated": false, "target": { "file": "mm/swapfile.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "288582504196819533100848842174864111961", "300228325580124699112564581863393625647", "284399108486194843114634571897517287502", "297841595594257390218275517443681409281" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e41710f5a61aca9d6baaa8f53908a927dd9e7aa7", "signature_version": "v1", "id": "CVE-2024-50199-0d6f5946" }, { "deprecated": false, "target": { "file": "mm/swapfile.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "160666541351583132850850953409934475180", "197404465567884134698483988836920712491", "126387684899659770649200177981155091658", "56642142228526498858032642610775744915" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb66a833cdd2f7302ee05d05e0fa12a2ca32eb87", "signature_version": "v1", "id": "CVE-2024-50199-0e785038" }, { "deprecated": false, "target": { "function": "unuse_mm", "file": "mm/swapfile.c" }, "signature_type": "Function", "digest": { "function_hash": "152440603687412269436006051851181211429", "length": 307.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bed2b9037806c62166a0ef9a559a1e7e3e1275b8", "signature_version": "v1", "id": "CVE-2024-50199-10a1578d" }, { "deprecated": false, "target": { "function": "unuse_mm", "file": "mm/swapfile.c" }, "signature_type": "Function", "digest": { "function_hash": "152440603687412269436006051851181211429", "length": 307.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7528c4fb1237512ee18049f852f014eba80bbe8d", "signature_version": "v1", "id": "CVE-2024-50199-13cfdf22" }, { "deprecated": false, "target": { "file": "mm/swapfile.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "247249393185901181885957975812445021387", "273318350174119067201913026954059125130", "284399108486194843114634571897517287502", "297841595594257390218275517443681409281" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ba7f982cdb37ff5a7739dec85d7325ea66fc1496", "signature_version": "v1", "id": "CVE-2024-50199-2c57e4c8" }, { "deprecated": false, "target": { "file": "mm/swapfile.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "160666541351583132850850953409934475180", "197404465567884134698483988836920712491", "126387684899659770649200177981155091658", "56642142228526498858032642610775744915" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7528c4fb1237512ee18049f852f014eba80bbe8d", "signature_version": "v1", "id": "CVE-2024-50199-37ad5337" }, { "deprecated": false, "target": { "function": "unuse_mm", "file": "mm/swapfile.c" }, "signature_type": "Function", "digest": { "function_hash": "152440603687412269436006051851181211429", "length": 307.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6ec0fe3756f941f42f8c57156b8bdf2877b2ebaf", "signature_version": "v1", "id": "CVE-2024-50199-3d89e4af" }, { "deprecated": false, "target": { "file": "mm/swapfile.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "288582504196819533100848842174864111961", "300228325580124699112564581863393625647", "284399108486194843114634571897517287502", "297841595594257390218275517443681409281" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@417d5838ca73c6331ae2fe692fab6c25c00d9a0b", "signature_version": "v1", "id": "CVE-2024-50199-5cb5666f" }, { "deprecated": false, "target": { "function": "unuse_mm", "file": "mm/swapfile.c" }, "signature_type": "Function", "digest": { "function_hash": "129707860328298247534436749615149912619", "length": 361.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@417d5838ca73c6331ae2fe692fab6c25c00d9a0b", "signature_version": "v1", "id": "CVE-2024-50199-63166ec6" }, { "deprecated": false, "target": { "file": "mm/swapfile.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "160666541351583132850850953409934475180", "197404465567884134698483988836920712491", "126387684899659770649200177981155091658", "56642142228526498858032642610775744915" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bed2b9037806c62166a0ef9a559a1e7e3e1275b8", "signature_version": "v1", "id": "CVE-2024-50199-6ab68279" }, { "deprecated": false, "target": { "function": "unuse_mm", "file": "mm/swapfile.c" }, "signature_type": "Function", "digest": { "function_hash": "129707860328298247534436749615149912619", "length": 361.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e41710f5a61aca9d6baaa8f53908a927dd9e7aa7", "signature_version": "v1", "id": "CVE-2024-50199-8cfd9cc2" }, { "deprecated": false, "target": { "file": "mm/swapfile.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "160666541351583132850850953409934475180", "197404465567884134698483988836920712491", "126387684899659770649200177981155091658", "56642142228526498858032642610775744915" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6ec0fe3756f941f42f8c57156b8bdf2877b2ebaf", "signature_version": "v1", "id": "CVE-2024-50199-c24ae7cd" }, { "deprecated": false, "target": { "function": "unuse_mm", "file": "mm/swapfile.c" }, "signature_type": "Function", "digest": { "function_hash": "152440603687412269436006051851181211429", "length": 307.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb66a833cdd2f7302ee05d05e0fa12a2ca32eb87", "signature_version": "v1", "id": "CVE-2024-50199-c679af4a" }, { "deprecated": false, "target": { "function": "unuse_mm", "file": "mm/swapfile.c" }, "signature_type": "Function", "digest": { "function_hash": "36782160901093437247397874694966594747", "length": 389.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ba7f982cdb37ff5a7739dec85d7325ea66fc1496", "signature_version": "v1", "id": "CVE-2024-50199-ede54931" } ]