Описание
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Improve scalability of workqueue watchdog touch
On a ~2000 CPU powerpc system, hard lockups have been observed in the workqueue code when stop_machine runs (in this case due to CPU hotplug). This is due to lots of CPUs spinning in multi_cpu_stop, calling touch_nmi_watchdog() which ends up calling wq_watchdog_touch(). wq_watchdog_touch() writes to the global variable wq_watchdog_touched, and that can find itself in the same cacheline as other important workqueue data, which slows down operations to the point of lockups.
In the case of the following abridged trace, worker_pool_idr was in the hot line, causing the lockups to always appear at idr_find.
watchdog: CPU 1125 self-detected hard LOCKUP @ idr_find Call Trace: get_work_pool __queue_work call_timer_fn run_timer_softirq __do_softirq do_softirq_own_stack irq_exit timer_interrupt decrementer_common_virt
- interrupt: 900 (timer...
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Improve scalability of workqueue watchdog touch
On a ~2000 CPU powerpc system, hard lockups have been observed in the workqueue code when stop_machine runs (in this case due to CPU hotplug). This is due to lots of CPUs spinning in multi_cpu_stop, calling touch_nmi_watchdog() which ends up calling wq_watchdog_touch(). wq_watchdog_touch() writes to the global variable wq_watchdog_touched, and that can find itself in the same cacheline as other important workqueue data, which slows down operations to the point of lockups.
In the case of the following abridged trace, worker_pool_idr was in the hot line, causing the lockups to always appear at idr_find.
watchdog: CPU 1125 self-detected hard LOCKUP @ idr_find Call Trace: get_work_pool __queue_work call_timer_fn run_timer_softirq __do_softirq do_softirq_own_stack irq_exit timer_interrupt decrementer_common_virt
- interrupt: 900 (timer) at multi_cpu_stop multi_cpu_stop cpu_stopper_thread smpboot_thread_fn kthread
Fix this by having wq_watchdog_touch() only write to the line if the last time a touch was recorded exceeds 1/4 of the watchdog threshold.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-46839
- https://git.kernel.org/stable/c/241bce1c757d0587721512296952e6bba69631ed
- https://git.kernel.org/stable/c/98f887f820c993e05a12e8aa816c80b8661d4c87
- https://git.kernel.org/stable/c/9d08fce64dd77f42e2361a4818dbc4b50f3c7dad
- https://git.kernel.org/stable/c/a2abd35e7dc55bf9ed01e2b3481fa78e086d3bf4
- https://git.kernel.org/stable/c/da5f374103a1e0881bbd35847dc57b04ac155eb0
CVE ID
Связанные уязвимости
[REJECTED CVE] A performance issue in the Linux Kernel's workqueue subsystem can cause hard lockups on high-CPU systems during operations like CPU hotplugging. The issue arises from contention when multiple CPUs update the global wq_watchdog_touched variable, leading to degraded performance and lockups in workqueue management routines.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT)