CVE-2024-56610
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56610
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56610.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56610
- Related
- Published
- 2024-12-27T15:15:20Z
- Modified
- 2025-01-11T13:53:30.662282Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
kcsan: Turn reportfilterlistlock into a raw_spinlock
Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like:
| BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:48 | inatomic(): 1, irqsdisabled(): 1, nonblock: 0, pid: 0, name: swapper/1 | preemptcount: 10002, expected: 0 | RCU nest depth: 0, expected: 0 | no locks held by swapper/1/0. | irq event stamp: 156674 | hardirqs last enabled at (156673): [<ffffffff81130bd9>] doidle+0x1f9/0x240 | hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvecapictimerinterrupt+0x14/0xc0 | softirqs last enabled at (0): [<ffffffff81099f47>] copyprocess+0xfc7/0x4b60 | softirqs last disabled at (0): [<0000000000000000>] 0x0 | Preemption disabled at: | [<ffffffff814a3e2a>] paintptr+0x2a/0x90 | CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014 | Call Trace: | <IRQ> | dumpstacklvl+0x7e/0xc0 | dumpstack+0x1d/0x30 | _mightresched+0x1a2/0x270 | rtspinlock+0x68/0x170 | kcsanskipreportdebugfs+0x43/0xe0 | printreport+0xb5/0x590 | kcsanreportknownorigin+0x1b1/0x1d0 | kcsansetupwatchpoint+0x348/0x650 | _tsanunalignedwrite1+0x16d/0x1d0 | hrtimerinterrupt+0x3d6/0x430 | _sysvecapictimerinterrupt+0xe8/0x3a0 | sysvecapictimerinterrupt+0x97/0xc0 | </IRQ>
On a detected data race, KCSAN's reporting logic checks if it should filter the report. That list is protected by the reportfilterlistlock non-raw spinlock which may sleep on RT kernels.
Since KCSAN may report data races in any context, convert it to a raw_spinlock.
This requires being careful about when to allocate memory for the filter list itself which can be done via KCSAN's debugfs interface. Concurrent modification of the filter list via debugfs should be rare: the chosen strategy is to optimistically pre-allocate memory before the critical section and discard if unused.
- References
-
- https://git.kernel.org/stable/c/0ab4951c1473c7d1ceaf1232eb927109cd1c4859
- https://git.kernel.org/stable/c/59458fa4ddb47e7891c61b4a928d13d5f5b00aa0
- https://git.kernel.org/stable/c/889a0d3a35fdedba1c5dcb6410c95c32421680ec
- https://git.kernel.org/stable/c/dca4e74a918586913d251c0b359e8cc96a3883ea
- https://git.kernel.org/stable/c/ea6588abcc15d68fdeae777ffe3dd74c02eab407
- https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d
- https://security-tracker.debian.org/tracker/CVE-2024-56610
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
6.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.123-1
Affected versions
6.*
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.12.5-1