In the Linux kernel, the following vulnerability has been resolved:
hrtimers: Handle CPU state correctly on hotplug
Consider a scenario where a CPU transitions from CPUHPONLINE to halfway through a CPU hotunplug down to CPUHPHRTIMERSPREPARE, and then back to CPUHPONLINE:
Since hrtimerspreparecpu() does not run, cpubase.hresactive remains set to 1 throughout. However, during a CPU unplug operation, the tick and the clockevents are shut down at CPUHPAPTICKDYING. On return to the online state, for instance CFS incorrectly assumes that the hrtick is already active, and the chance of the clockevent device to transition to oneshot mode is also lost forever for the CPU, unless it goes back to a lower state than CPUHPHRTIMERS_PREPARE once.
This round-trip reveals another issue; cpubase.online is not set to 1 after the transition, which appears as a WARNONONCE in enqueuehrtimer().
Aside of that, the bulk of the per CPU state is not reset either, which means there are dangling pointers in the worst case.
Address this by adding a corresponding startup() callback, which resets the stale per CPU state and sets the online flag.
[ tglx: Make the new callback unconditionally available, remove the online modification in the prepare() callback and clear the remaining state in the starting callback instead of the prepare callback ]
[ { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f8dea1692eef2b7ba6a256246ed82c365fdc686", "signature_version": "v1", "target": { "file": "include/linux/hrtimer.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "304449489381139248978915599126705510541", "37321580243399352776055892093814920489", "196574385609705776108811189427000207190", "239915848251525321454024437582752361398" ] }, "id": "CVE-2024-57951-02c6e142" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d41dbf82e10c44e53ea602398ab002baec27e75", "signature_version": "v1", "target": { "file": "kernel/time/hrtimer.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "83122111931329543461117410345367475134", "44031454777744700509169321717568257686", "137308754846488194662816281432480473930", "92327009162832055102307686368897055658", "130634557285664332554686203552829257787", "151996387886610051843615087910570088843", "84035051529929166930502794035044174272", "121658338264784702807794618938392419721", "209437792760370921951340755836446303487", "249036543466303891442690897553362056631", "213966109218684952043493937972695492978", "220874227108029781080160958532061445599" ] }, "id": "CVE-2024-57951-05137c20" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14984139f1f2768883332965db566ef26db609e7", "signature_version": "v1", "target": { "function": "hrtimers_init", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "291872130851140047794380269534296084464", "length": 109.0 }, "id": "CVE-2024-57951-0e826033" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15b453db41d36184cf0ccc21e7df624014ab6a1a", "signature_version": "v1", "target": { "file": "kernel/cpu.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "192069360872655854857457198494827831098", "206844628844024092066506117591644457700", "36300828453331406183161266109483285828", "302813969948142910099525412675467538339" ] }, "id": "CVE-2024-57951-0f0bfdaa" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38492f6ee883c7b1d33338bf531a62cff69b4b28", "signature_version": "v1", "target": { "file": "kernel/time/hrtimer.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "83122111931329543461117410345367475134", "44031454777744700509169321717568257686", "137308754846488194662816281432480473930", "92327009162832055102307686368897055658", "130634557285664332554686203552829257787", "151996387886610051843615087910570088843", "84035051529929166930502794035044174272", "121658338264784702807794618938392419721", "209437792760370921951340755836446303487", "249036543466303891442690897553362056631", "213966109218684952043493937972695492978", "220874227108029781080160958532061445599" ] }, "id": "CVE-2024-57951-11c8b077" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f8dea1692eef2b7ba6a256246ed82c365fdc686", "signature_version": "v1", "target": { "function": "hrtimers_init", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "291872130851140047794380269534296084464", "length": 109.0 }, "id": "CVE-2024-57951-494c676b" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a5cbbea145b400e40540c34816d16d36e0374fbc", "signature_version": "v1", "target": { "function": "hrtimers_init", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "291872130851140047794380269534296084464", "length": 109.0 }, "id": "CVE-2024-57951-50d48225" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e4f62df23f4df1ce6ef897d44b8e23c260921a", "signature_version": "v1", "target": { "file": "kernel/time/hrtimer.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "139101111802239292492731867999688751716", "50585641617070920414531150148251075902", "137308754846488194662816281432480473930", "92327009162832055102307686368897055658", "130634557285664332554686203552829257787", "151996387886610051843615087910570088843", "84035051529929166930502794035044174272", "121658338264784702807794618938392419721", "209437792760370921951340755836446303487", "249036543466303891442690897553362056631", "213966109218684952043493937972695492978", "220874227108029781080160958532061445599" ] }, "id": "CVE-2024-57951-5624a5e2" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a5cbbea145b400e40540c34816d16d36e0374fbc", "signature_version": "v1", "target": { "file": "kernel/time/hrtimer.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "83122111931329543461117410345367475134", "44031454777744700509169321717568257686", "137308754846488194662816281432480473930", "92327009162832055102307686368897055658", "130634557285664332554686203552829257787", "151996387886610051843615087910570088843", "84035051529929166930502794035044174272", "121658338264784702807794618938392419721", "209437792760370921951340755836446303487", "249036543466303891442690897553362056631", "213966109218684952043493937972695492978", "220874227108029781080160958532061445599" ] }, "id": "CVE-2024-57951-5c1e4881" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f8dea1692eef2b7ba6a256246ed82c365fdc686", "signature_version": "v1", "target": { "file": "kernel/time/hrtimer.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "83122111931329543461117410345367475134", "44031454777744700509169321717568257686", "137308754846488194662816281432480473930", "92327009162832055102307686368897055658", "130634557285664332554686203552829257787", "151996387886610051843615087910570088843", "84035051529929166930502794035044174272", "121658338264784702807794618938392419721", "209437792760370921951340755836446303487", "249036543466303891442690897553362056631", "213966109218684952043493937972695492978" ] }, "id": "CVE-2024-57951-5e8990b3" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e4f62df23f4df1ce6ef897d44b8e23c260921a", "signature_version": "v1", "target": { "function": "hrtimers_prepare_cpu", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "215445716113726607978785993549196457203", "length": 550.0 }, "id": "CVE-2024-57951-620e78bb" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38492f6ee883c7b1d33338bf531a62cff69b4b28", "signature_version": "v1", "target": { "file": "include/linux/hrtimer.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "304449489381139248978915599126705510541", "37321580243399352776055892093814920489", "196574385609705776108811189427000207190", "239915848251525321454024437582752361398" ] }, "id": "CVE-2024-57951-817341fb" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a5cbbea145b400e40540c34816d16d36e0374fbc", "signature_version": "v1", "target": { "file": "kernel/cpu.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "192069360872655854857457198494827831098", "206844628844024092066506117591644457700", "36300828453331406183161266109483285828", "302813969948142910099525412675467538339" ] }, "id": "CVE-2024-57951-8adeb892" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15b453db41d36184cf0ccc21e7df624014ab6a1a", "signature_version": "v1", "target": { "file": "include/linux/hrtimer.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "304449489381139248978915599126705510541", "37321580243399352776055892093814920489", "196574385609705776108811189427000207190", "239915848251525321454024437582752361398" ] }, "id": "CVE-2024-57951-8b69c44a" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e4f62df23f4df1ce6ef897d44b8e23c260921a", "signature_version": "v1", "target": { "function": "hrtimers_init", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "291872130851140047794380269534296084464", "length": 109.0 }, "id": "CVE-2024-57951-8f399e32" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f8dea1692eef2b7ba6a256246ed82c365fdc686", "signature_version": "v1", "target": { "function": "hrtimers_prepare_cpu", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "125715613151373214051536031749343541914", "length": 596.0 }, "id": "CVE-2024-57951-90ab58c9" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15b453db41d36184cf0ccc21e7df624014ab6a1a", "signature_version": "v1", "target": { "file": "kernel/time/hrtimer.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "83122111931329543461117410345367475134", "44031454777744700509169321717568257686", "137308754846488194662816281432480473930", "92327009162832055102307686368897055658", "130634557285664332554686203552829257787", "151996387886610051843615087910570088843", "84035051529929166930502794035044174272", "121658338264784702807794618938392419721", "209437792760370921951340755836446303487", "249036543466303891442690897553362056631", "213966109218684952043493937972695492978", "220874227108029781080160958532061445599" ] }, "id": "CVE-2024-57951-952790ec" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14984139f1f2768883332965db566ef26db609e7", "signature_version": "v1", "target": { "file": "include/linux/hrtimer.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "304449489381139248978915599126705510541", "37321580243399352776055892093814920489", "196574385609705776108811189427000207190", "239915848251525321454024437582752361398" ] }, "id": "CVE-2024-57951-98501b68" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38492f6ee883c7b1d33338bf531a62cff69b4b28", "signature_version": "v1", "target": { "function": "hrtimers_init", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "291872130851140047794380269534296084464", "length": 109.0 }, "id": "CVE-2024-57951-9ad902f7" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38492f6ee883c7b1d33338bf531a62cff69b4b28", "signature_version": "v1", "target": { "function": "hrtimers_prepare_cpu", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "125715613151373214051536031749343541914", "length": 596.0 }, "id": "CVE-2024-57951-a37eeaea" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a5cbbea145b400e40540c34816d16d36e0374fbc", "signature_version": "v1", "target": { "file": "include/linux/hrtimer.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "304449489381139248978915599126705510541", "37321580243399352776055892093814920489", "196574385609705776108811189427000207190", "239915848251525321454024437582752361398" ] }, "id": "CVE-2024-57951-a726a24d" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14984139f1f2768883332965db566ef26db609e7", "signature_version": "v1", "target": { "function": "hrtimers_prepare_cpu", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "125715613151373214051536031749343541914", "length": 596.0 }, "id": "CVE-2024-57951-ad9238cf" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e4f62df23f4df1ce6ef897d44b8e23c260921a", "signature_version": "v1", "target": { "file": "include/linux/hrtimer.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "304449489381139248978915599126705510541", "37321580243399352776055892093814920489", "196574385609705776108811189427000207190", "239915848251525321454024437582752361398" ] }, "id": "CVE-2024-57951-b666b1ca" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14984139f1f2768883332965db566ef26db609e7", "signature_version": "v1", "target": { "file": "kernel/time/hrtimer.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "83122111931329543461117410345367475134", "44031454777744700509169321717568257686", "137308754846488194662816281432480473930", "92327009162832055102307686368897055658", "130634557285664332554686203552829257787", "151996387886610051843615087910570088843", "84035051529929166930502794035044174272", "121658338264784702807794618938392419721", "209437792760370921951340755836446303487", "249036543466303891442690897553362056631", "213966109218684952043493937972695492978", "220874227108029781080160958532061445599" ] }, "id": "CVE-2024-57951-c78e3933" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d41dbf82e10c44e53ea602398ab002baec27e75", "signature_version": "v1", "target": { "function": "hrtimers_prepare_cpu", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "125715613151373214051536031749343541914", "length": 596.0 }, "id": "CVE-2024-57951-cb9ad125" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f8dea1692eef2b7ba6a256246ed82c365fdc686", "signature_version": "v1", "target": { "file": "kernel/cpu.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "192069360872655854857457198494827831098", "206844628844024092066506117591644457700", "36300828453331406183161266109483285828", "166705844755518285882916244292783135457" ] }, "id": "CVE-2024-57951-cfc49398" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38492f6ee883c7b1d33338bf531a62cff69b4b28", "signature_version": "v1", "target": { "file": "kernel/cpu.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "192069360872655854857457198494827831098", "206844628844024092066506117591644457700", "36300828453331406183161266109483285828", "166705844755518285882916244292783135457" ] }, "id": "CVE-2024-57951-d647961f" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d41dbf82e10c44e53ea602398ab002baec27e75", "signature_version": "v1", "target": { "file": "kernel/cpu.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "192069360872655854857457198494827831098", "206844628844024092066506117591644457700", "36300828453331406183161266109483285828", "302813969948142910099525412675467538339" ] }, "id": "CVE-2024-57951-db01fee2" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d41dbf82e10c44e53ea602398ab002baec27e75", "signature_version": "v1", "target": { "function": "hrtimers_init", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "291872130851140047794380269534296084464", "length": 109.0 }, "id": "CVE-2024-57951-dc77dc42" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d41dbf82e10c44e53ea602398ab002baec27e75", "signature_version": "v1", "target": { "file": "include/linux/hrtimer.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "304449489381139248978915599126705510541", "37321580243399352776055892093814920489", "196574385609705776108811189427000207190", "239915848251525321454024437582752361398" ] }, "id": "CVE-2024-57951-ddd5089a" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15b453db41d36184cf0ccc21e7df624014ab6a1a", "signature_version": "v1", "target": { "function": "hrtimers_prepare_cpu", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "125715613151373214051536031749343541914", "length": 596.0 }, "id": "CVE-2024-57951-dfb5cfbc" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a5cbbea145b400e40540c34816d16d36e0374fbc", "signature_version": "v1", "target": { "function": "hrtimers_prepare_cpu", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "125715613151373214051536031749343541914", "length": 596.0 }, "id": "CVE-2024-57951-e342d46e" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e4f62df23f4df1ce6ef897d44b8e23c260921a", "signature_version": "v1", "target": { "file": "kernel/cpu.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "192069360872655854857457198494827831098", "206844628844024092066506117591644457700", "36300828453331406183161266109483285828", "302813969948142910099525412675467538339" ] }, "id": "CVE-2024-57951-f4ccb39e" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14984139f1f2768883332965db566ef26db609e7", "signature_version": "v1", "target": { "file": "kernel/cpu.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "192069360872655854857457198494827831098", "206844628844024092066506117591644457700", "36300828453331406183161266109483285828", "302813969948142910099525412675467538339" ] }, "id": "CVE-2024-57951-f97734df" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15b453db41d36184cf0ccc21e7df624014ab6a1a", "signature_version": "v1", "target": { "function": "hrtimers_init", "file": "kernel/time/hrtimer.c" }, "digest": { "function_hash": "291872130851140047794380269534296084464", "length": 109.0 }, "id": "CVE-2024-57951-feadf3c4" } ]