CVE-2023-53029 Information
Description
In the Linux kernel the following vulnerability has been resolved:
octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
The commit 4af1b64f80fb (\octeontx2-pf: Fix lmtst ID used in aura
free) uses the get/put_cpu() to protect the usage of percpu pointer
in ->aura_freeptr() callback but it also unnecessarily disable the
preemption for the blockable memory allocation. The commit 87b93b678e95
(\octeontx2-pf: Avoid use of GFP_KERNEL in atomic context) tried to
fix these sleep inside atomic warnings. But it only fix the one for
the non-rt kernel. For the rt kernel we still get the similar warnings
like below.
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 1 irqs_disabled(): 0 non_block: 0 pid: 1 name: swapper/0
preempt_count: 1 expected: 0
RCU nest depth: 0 expected: 0
3 locks held by swapper/0/1:
0: ffff800009fc5fe8 (rtnl_mutex)+.+.-3:3 at: rtnl_lock+0x24/0x30
1: ffff000100c276c0 (&mbox->lock)+.+.-3:3 at: otx2_init_hw_resources+0x8c/0x3a4
2: ffffffbfef6537e0 (&cpu_rcache->lock)+.+.-2:2 at: alloc_iova_fast+0x1ac/0x2ac
Preemption disabled at:
[
Of course we can shuffle the get/put_cpu() to only wrap the invocation of ->aura_freeptr() as what commit 87b93b678e95 does. But there are only two ->aura_freeptr() callbacks otx2_aura_freeptr() and cn10k_aura_freeptr(). There is no usage of perpcu variable in the otx2_aura_freeptr() at all so the get/put_cpu() seems redundant to it. We can move the get/put_cpu() into the corresponding callback which really has the percpu variable usage and avoid the sprinkling of get/put_cpu() in several places.
Reference
https://git.kernel.org/stable/c/29e9c67bf3271067735c188e95cf3631ecd64d58 https://git.kernel.org/stable/c/55ba18dc62deff5910c0fa64486dea1ff20832ff https://git.kernel.org/stable/c/659518e013d6bd562bb0f1d2d9f99d0ac54720e2
Share on: