CVE-2024-49926 Information

Description

In the Linux kernel the following vulnerability has been resolved:

rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb()

For kernels built with CONFIG_FORCE_NR_CPUS=y the nr_cpu_ids is defined as NR_CPUS instead of the number of possible cpus this will cause the following system panic:

smpboot: Allowing 4 CPUs 0 hotplug CPUs … setup_percpu: NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:512 nr_node_ids:1 … BUG: unable to handle page fault for address: ffffffff9911c8c8 Oops: 0000 [1] PREEMPT SMP PTI CPU: 0 PID: 15 Comm: rcu_tasks_trace Tainted: G W 6.6.21 1 5dc7acf91a5e8e9ac9dcfc35bee0245691283ea6 RIP: 0010:rcu_tasks_need_gpcb+0x25d/0x2c0 RSP: 0018:ffffa371c00a3e60 EFLAGS: 00010082 CR2: ffffffff9911c8c8 CR3: 000000040fa20005 CR4: 00000000001706f0 Call Trace: ? __die+0x23/0x80 ? page_fault_oops+0xa4/0x180 ? exc_page_fault+0x152/0x180 ? asm_exc_page_fault+0x26/0x40 ? rcu_tasks_need_gpcb+0x25d/0x2c0 ? __pfx_rcu_tasks_kthread+0x40/0x40 rcu_tasks_one_gp+0x69/0x180 rcu_tasks_kthread+0x94/0xc0 kthread+0xe8/0x140 ? __pfx_kthread+0x40/0x40 ret_from_fork+0x34/0x80 ? __pfx_kthread+0x40/0x40 ret_from_fork_asm+0x1b/0x80

Considering that there may be holes in the CPU numbers use the maximum possible cpu number instead of nr_cpu_ids for configuring enqueue and dequeue limits.

[ neeraj.upadhyay: Fix htmldocs build error reported by Stephen Rothwell ]

Reference

https://git.kernel.org/stable/c/3104bddc666ff64b90491868bbc4c7ebdd90aedf https://git.kernel.org/stable/c/05095271a4fb0f6497121a057f9a2edf386d5d96 https://git.kernel.org/stable/c/fd70e9f1d85f5323096ad313ba73f5fe3d15ea41