Описание
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim.
Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can.
This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets:
kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1 Hardware name: MACHINE Call Trace: dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slow...
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim.
Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can.
This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets:
kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1 Hardware name: MACHINE Call Trace: dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slowpath.constprop.0+0xc9d/0xd10 __alloc_pages+0x327/0x340 __napi_alloc_skb+0x16d/0x1f0 bnxt_rx_page_skb+0x96/0x1b0 [bnxt_en] bnxt_rx_pkt+0x201/0x15e0 [bnxt_en] __bnxt_poll_work+0x156/0x2b0 [bnxt_en] bnxt_poll+0xd9/0x1c0 [bnxt_en] __napi_poll+0x2b/0x1b0 bpf_trampoline_6442524138+0x7d/0x1000 __napi_poll+0x5/0x1b0 net_rx_action+0x342/0x740 handle_softirqs+0xcf/0x2b0 irq_exit_rcu+0x6c/0x90 sysvec_apic_timer_interrupt+0x72/0x90
[mfleming@cloudflare.com: update comment] Link: https://lkml.kernel.org/r/20241015125158.3597702-1-matt@readmodwrite.com
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-50219
- https://git.kernel.org/stable/c/189b954469cf82f8b8cf496f8de94b006d2d4746
- https://git.kernel.org/stable/c/281dd25c1a018261a04d1b8bf41a0674000bfe38
- https://git.kernel.org/stable/c/4c4e238d3adad3c94bb255d0f117d3685bbfdd33
- https://git.kernel.org/stable/c/b958948ae1cb3e39c48e9f805436fd652103c71e
- https://git.kernel.org/stable/c/d0fdacfb85a3e1223b894cc6e60091ec91049e9e
CVE ID
Связанные уязвимости
[REJECTED CVE] A vulnerability in the Linux kernel's memory management (mm/page_alloc) has been identified, where GFP_ATOMIC order-0 allocations could fail under memory pressure, despite available highatomic reserves. This issue caused packet loss in high-performance networking environments, as observed on Cloudflare's fleet. An attacker could theoretically exploit this by inducing high memory contention, potentially impacting real-time operations. However, since the fix ensures proper fallback behavior without introducing a security risk, the issue has been rejected as a CVE.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ELSA-2024-12887: Unbreakable Enterprise kernel security update (IMPORTANT)