Описание
In the Linux kernel, the following vulnerability has been resolved:
xen/balloon: use a kernel thread instead a workqueue
Today the Xen ballooning is done via delayed work in a workqueue. This might result in workqueue hangups being reported in case of large amounts of memory are being ballooned in one go (here 16GB):
BUG: workqueue lockup - pool cpus=6 node=0 flags=0x0 nice=0 stuck for 64s! Showing busy workqueues and worker pools: workqueue events: flags=0x0 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 in-flight: 229:balloon_process pending: cache_reap workqueue events_freezable_power_: flags=0x84 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: disk_events_workfn workqueue mm_percpu_wq: flags=0x8 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: vmstat_update pool 12: cpus=6 node=0 flags=0x0 nice=0 hung=64s workers=3 idle: 2222 43
This can easily be avoided by using a dedicated kernel thread for doi...
In the Linux kernel, the following vulnerability has been resolved:
xen/balloon: use a kernel thread instead a workqueue
Today the Xen ballooning is done via delayed work in a workqueue. This might result in workqueue hangups being reported in case of large amounts of memory are being ballooned in one go (here 16GB):
BUG: workqueue lockup - pool cpus=6 node=0 flags=0x0 nice=0 stuck for 64s! Showing busy workqueues and worker pools: workqueue events: flags=0x0 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 in-flight: 229:balloon_process pending: cache_reap workqueue events_freezable_power_: flags=0x84 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: disk_events_workfn workqueue mm_percpu_wq: flags=0x8 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: vmstat_update pool 12: cpus=6 node=0 flags=0x0 nice=0 hung=64s workers=3 idle: 2222 43
This can easily be avoided by using a dedicated kernel thread for doing the ballooning work.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-47377
- https://git.kernel.org/stable/c/29917bbb07c30be295dece245c7c21872e1a6fbb
- https://git.kernel.org/stable/c/372d3e6ea1e115942fdfb4b25f7003d822d071be
- https://git.kernel.org/stable/c/6bba79c6a073741b672b0bf86a1f03c0fe47f973
- https://git.kernel.org/stable/c/8480ed9c2bbd56fc86524998e5f2e3e22f5038f6
- https://git.kernel.org/stable/c/922fd5b6bb13ad31ff36e86e2eba2f26d8135272
- https://git.kernel.org/stable/c/c5d5a43dd2b649a0a290bfed00fb76d1aff89be6
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: xen/balloon: use a kernel thread instead a workqueue The Linux kernel CVE team has assigned CVE-2021-47377 to this issue.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.