In the Linux kernel, the following vulnerability has been resolved:
mm/kmemleak: fix sleeping function called from invalid context at print message
Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under specific conditions:
- CONFIG_PREEMPT_RT=y
- Set SELinux as the LSM for the system
- Set kptr_restrict to 1
- kmemleak buffer contains at least one item
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: cat
preempt_count: 1, expected: 0
RCU nest depth: 2, expected: 2
6 locks held by cat/136:
 #0: ffff32e64bcbf950 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb8/0xe30
 #1: ffffafe6aaa9dea0 (scan_mutex){+.+.}-{3:3}, at: kmemleak_seq_start+0x34/0x128
 #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0
 #4: ffffafe6aa8d8560 (rcu_read_lock){....}-{1:2}, at: has_ns_capability_noaudit+0x8/0x1b0
 #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0
irq event stamp: 136660
hardirqs last  enabled at (136659): [<ffffafe6a80fd7a0>] _raw_spin_unlock_irqrestore+0xa8/0xd8
hardirqs last disabled at (136660): [<ffffafe6a80fd85c>] _raw_spin_lock_irqsave+0x8c/0xb0
softirqs last  enabled at (0): [<ffffafe6a5d50b28>] copy_process+0x11d8/0x3df8
softirqs last disabled at (0): [<0000000000000000>] 0x0
Preemption disabled at:
[<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0
CPU: 1 UID: 0 PID: 136 Comm: cat Tainted: G E 6.11.0-rt7+ #34
Tainted: [E]=UNSIGNED_MODULE
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0xa0/0x128
 show_stack+0x1c/0x30
 dump_stack_lvl+0xe8/0x198
 dump_stack+0x18/0x20
 rt_spin_lock+0x8c/0x1a8
 avc_perm_nonode+0xa0/0x150
 cred_has_capability.isra.0+0x118/0x218
 selinux_capable+0x50/0x80
 security_capable+0x7c/0xd0
 has_ns_capability_noaudit+0x94/0x1b0
 has_capability_noaudit+0x20/0x30
 restricted_pointer+0x21c/0x4b0
 pointer+0x298/0x760
 vsnprintf+0x330/0xf70
 seq_printf+0x178/0x218
 print_unreferenced+0x1a4/0x2d0
 kmemleak_seq_show+0xd0/0x1e0
 seq_read_iter+0x354/0xe30
 seq_read+0x250/0x378
 full_proxy_read+0xd8/0x148
 vfs_read+0x190/0x918
 ksys_read+0xf0/0x1e0
 __arm64_sys_read+0x70/0xa8
 invoke_syscall.constprop.0+0xd4/0x1d8
 el0_svc+0x50/0x158
 el0t_64_sync+0x17c/0x180
%pS and %pK, in the same back trace line, are redundant, and %pS can defeat the purpose of %pK in certain contexts.
%pS alone already provides the necessary information, and if it cannot resolve the symbol it falls back to printing the raw address, defeating the original intent of %pK.
Additionally, %pK requires a CAP_SYSLOG privilege check enforced through the LSM, which can trigger a "sleeping function called from invalid context" warning under PREEMPT_RT kernels when the check occurs in an atomic context. This issue may also affect other LSMs.
This change avoids the unnecessary privilege check and resolves the sleeping function warning without any loss of information.
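As an added example (not kernel code and not part of this advisory), the following Python helper triages a "sleeping function called from invalid context" splat like the one above: it pulls out the sleeping call, the frame that opened the atomic section, the lock held there, and the call path between them, which is exactly the chain (print_unreferenced -> %pK -> LSM capability check -> rt_spin_lock) this fix removes. The sample report is constructed from the trace quoted above, condensed and with the kernel's underscores restored; the helper assumes the splat has the "Preemption disabled at:" and "Call trace:" sections shown.

```python
import re

# Constructed sample, condensed from the BUG report quoted in this advisory
# (symbol and lock names written with the underscores the kernel prints).
SAMPLE = """\
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: cat
preempt_count: 1, expected: 0
6 locks held by cat/136:
 #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0
 #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0
Preemption disabled at:
[<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0
Call trace:
 dump_backtrace+0xa0/0x128
 rt_spin_lock+0x8c/0x1a8
 avc_perm_nonode+0xa0/0x150
 security_capable+0x7c/0xd0
 restricted_pointer+0x21c/0x4b0
 vsnprintf+0x330/0xf70
 print_unreferenced+0x1a4/0x2d0
 kmemleak_seq_show+0xd0/0x1e0
 seq_read_iter+0x354/0xe30
"""

SYM = re.compile(r"([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
LOCK = re.compile(r"#\d+: \w+ \((.+?)\)\{.*?\}-\{\d:\d\}, at: ([\w.]+)\+")

def triage(report):
    """Extract what a reviewer needs from a 'sleeping function' BUG splat."""
    lines = [ln.strip() for ln in report.splitlines()]
    ctx = {k: int(v) for k, v in re.findall(r"(\w+)\(\): (\d)", report)}
    ctx["preempt_count"] = int(re.search(r"preempt_count: (\d+)", report).group(1))
    locks = [m.groups() for m in map(LOCK.search, lines) if m]
    disabled_at = SYM.search(lines[lines.index("Preemption disabled at:") + 1]).group(1)
    trace = lines[lines.index("Call trace:") + 1:]
    frames = [m.group(1) for m in map(SYM.match, trace) if m]
    # Drop the frames that merely print the splat; the first real frame is the sleeper.
    frames = [f for f in frames if not f.startswith(("dump_", "show_stack"))]
    sleeper, caller = frames[0], frames[1]
    # Path from the function that opened the atomic section down to the sleeper's caller.
    chain = frames[1:frames.index(disabled_at) + 1]
    return {"context": ctx, "sleeper": sleeper, "sleeper_caller": caller,
            "preempt_disabled_at": disabled_at, "chain": chain,
            "atomic_locks": [name for name, site in locks if site == disabled_at]}

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["sleeper"], "reached via", " <- ".join(r["chain"]), "while holding", r["atomic_locks"])
```

Under PREEMPT_RT a spinlock_t (rt_spin_lock) may sleep, so the report shows the AVC lock being taken while kmemleak still holds the raw object->lock acquired at kmemleak_seq_show+0x3c.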