CVE-2024-50219 Information

Description

In the Linux kernel the following vulnerability has been resolved:

mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves

Under memory pressure it’s possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it’s only run from reclaim.

Given that such allocations will pass the watermarks in __zone_watermark_unusable_free() it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can.

This fixes order-0 page allocation failures observed on Cloudflare’s fleet when handling network packets:

kswapd1: page allocation failure: order:0 mode:0x820(GFP_ATOMIC) nodemask=(null)cpuset=/mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM 1 Hardware name: MACHINE Call Trace: dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slowpath.constprop.0+0xc9d/0xd10 __alloc_pages+0x327/0x340 __napi_alloc_skb+0x16d/0x1f0 bnxt_rx_page_skb+0x96/0x1b0 [bnxt_en] bnxt_rx_pkt+0x201/0x15e0 [bnxt_en] __bnxt_poll_work+0x156/0x2b0 [bnxt_en] bnxt_poll+0xd9/0x1c0 [bnxt_en] __napi_poll+0x2b/0x1b0 bpf_trampoline_6442524138+0x7d/0x1000 __napi_poll+0x5/0x1b0 net_rx_action+0x342/0x740 handle_softirqs+0xcf/0x2b0 irq_exit_rcu+0x6c/0x90 sysvec_apic_timer_interrupt+0x72/0x90

[mfleming@cloudflare.com: update comment] Link: https://lkml.kernel.org/r/20241015125158.3597702-1-matt@readmodwrite.com

Reference

https://git.kernel.org/stable/c/4c4e238d3adad3c94bb255d0f117d3685bbfdd33 https://git.kernel.org/stable/c/189b954469cf82f8b8cf496f8de94b006d2d4746 https://git.kernel.org/stable/c/b958948ae1cb3e39c48e9f805436fd652103c71e https://git.kernel.org/stable/c/d0fdacfb85a3e1223b894cc6e60091ec91049e9e https://git.kernel.org/stable/c/281dd25c1a018261a04d1b8bf41a0674000bfe38