Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: don't unpoison huge_zero_folio When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet.
CVSS3: 5.5
OS | Vendor version | Errata |
---|---|---|
Ubuntu 22.04 | 5.15.0-121.131 | USN-7007-1 |
Ubuntu 22.04 AWS | 5.15.0-1069.75 | USN-7007-1 |
Ubuntu 22.04 Azure | 5.15.0-1072.81 | USN-7009-1 |
RHEL 9 | 5.14.0-427.33.1.el9_4 | RHSA-2024:5928 |
Oracle Linux 9 | 5.14.0-427.33.1.el9_4 | ELSA-2024-5928 |
Ubuntu 20.04 HWE AWS | 5.15.0-1069.75~20.04.1 | USN-7007-1 |
Ubuntu 20.04 HWE Azure | 5.15.0-1072.81~20.04.1 | USN-7009-1 |
Rocky Linux 9 | 5.14.0-427.33.1.el9_4 | RLSA-2024:5928 |
AlmaLinux 9 | 5.14.0-427.33.1.el9_4 | ALSA-2024:5928 |
Oracle Linux 9 UEK 7 | 5.15.0-210.163.7.el9uek | ELSA-2024-12618 |
Oracle Linux 8 UEK 7 | 5.15.0-210.163.7.el8uek | ELSA-2024-12618 |
Debian 12 | 6.1.99-1 | DSA-5731-1 |
Ubuntu 24.04 | 6.8.0-44.44 | USN-6999-1 |
OS | Original kernel version | State |
---|---|---|
Ubuntu 22.04 | |
In Progress |
Ubuntu 22.04 AWS | |
In Progress |
Ubuntu 22.04 Azure | |
Planned |
RHEL 9 |
5.14.0-70.17.1.el9_0
show all
hide all
5.14.0-70.22.1.el9_0
5.14.0-70.5.1.el9_0
5.14.0-70.13.1.el9_0
5.14.0-70.26.1.el9_0
5.14.0-70.30.1.el9_0
5.14.0-162.6.1.el9_1
5.14.0-162.12.1.el9_1
5.14.0-162.18.1.el9_1
5.14.0-162.22.2.el9_1
5.14.0-162.23.1.el9_1
5.14.0-284.11.1.el9_2
5.14.0-284.18.1.el9_2
5.14.0-284.25.1.el9_2
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-427.13.1.el9_4
5.14.0-427.16.1.el9_4
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.22.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.31.1.el9_4
|
Released |
Oracle Linux 9 |
5.14.0-70.13.1.0.3.el9_0
show all
hide all
5.14.0-70.17.1.0.1.el9_0
5.14.0-70.22.1.0.1.el9_0
5.14.0-70.26.1.0.1.el9_0
5.14.0-162.6.1.el9_1
5.14.0-284.11.1.el9_2
5.14.0-162.23.1.el9_1
5.14.0-162.22.2.el9_1
5.14.0-162.18.1.el9_1
5.14.0-162.12.1.el9_1
5.14.0-70.30.1.0.1.el9_0
5.14.0-284.18.1.el9_2
5.14.0-284.25.1.el9_2
5.14.0-284.25.1.0.1.el9_2
5.14.0-284.30.0.1.el9_2
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.0.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.0.1.el9_3
5.14.0-362.18.0.2.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-362.24.1.0.1.el9_3
5.14.0-427.13.1.el9_4
5.14.0-427.16.1.el9_4
5.14.0-362.24.1.0.2.el9_3
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.22.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.31.1.el9_4
|
Released |
Ubuntu 20.04 HWE AWS | |
In Progress |
Ubuntu 20.04 HWE Azure | |
Planned |
Rocky Linux 9 |
5.14.0-162.6.1.el9_1
show all
hide all
5.14.0-70.26.1.el9_0
5.14.0-70.30.1.el9_0
5.14.0-70.22.1.el9_0
5.14.0-162.6.1.el9_1.0.1
5.14.0-162.18.1.el9_1
5.14.0-162.12.1.el9_1.0.1
5.14.0-162.12.1.el9_1.0.2
5.14.0-162.22.2.el9_1
5.14.0-162.23.1.el9_1
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-362.18.1.el9_3.0.1
5.14.0-427.16.1.el9_4
5.14.0-362.24.1.el9_3.0.1
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.20.1.el9_4.0.1
5.14.0-427.22.1.el9_4
5.14.0-427.31.1.el9_4
|
Released |
AlmaLinux 9 |
5.14.0-162.6.1.el9_1
show all
hide all
5.14.0-70.26.1.el9_0
5.14.0-70.30.1.el9_0
5.14.0-70.17.1.el9_0
5.14.0-70.22.1.el9_0
5.14.0-162.12.1.el9_1
5.14.0-162.18.1.el9_1
5.14.0-162.22.2.el9_1
5.14.0-162.23.1.el9_1
5.14.0-284.11.1.el9_2
5.14.0-284.18.1.el9_2
5.14.0-70.13.1.el9_0
5.14.0-284.25.1.el9_2
5.14.0-284.30.1.el9_2
5.14.0-362.8.1.el9_3
5.14.0-362.13.1.el9_3
5.14.0-362.18.1.el9_3
5.14.0-362.24.1.el9_3
5.14.0-427.13.1.el9_4
5.14.0-427.16.1.el9_4
5.14.0-362.24.2.el9_3
5.14.0-427.18.1.el9_4
5.14.0-427.20.1.el9_4
5.14.0-427.24.1.el9_4
5.14.0-427.26.1.el9_4
5.14.0-427.28.1.el9_4
5.14.0-427.22.1.el9_4
5.14.0-427.31.1.el9_4
|
Released |
Oracle Linux 9 UEK 7 | |
Planned |
Oracle Linux 8 UEK 7 | |
Planned |
Debian 12 | |
Planned |
Ubuntu 24.04 | |
Planned |