CVE-2021-47454

2024-05-2207:15:10

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

scheduling

cpu offline

powerpc

preemption

idle task

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

powerpc/smp: do not decrement idle task preempt count in CPU offline

With PREEMPT_COUNT=y, when a CPU is offlined and then onlined again, we
get:

BUG: scheduling while atomic: swapper/1/0/0x00000000
no locks held by swapper/1/0.
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.0-rc2+ #100
Call Trace:
dump_stack_lvl+0xac/0x108
__schedule_bug+0xac/0xe0
__schedule+0xcf8/0x10d0
schedule_idle+0x3c/0x70
do_idle+0x2d8/0x4a0
cpu_startup_entry+0x38/0x40
start_secondary+0x2ec/0x3a0
start_secondary_prolog+0x10/0x14

This is because powerpc’s arch_cpu_idle_dead() decrements the idle task’s
preempt count, for reasons explained in commit a7c2bb8279d2 (“powerpc:
Re-enable preemption before cpu_die()”), specifically “start_secondary()
expects a preempt_count() of 0.”

However, since commit 2c669ef6979c (“powerpc/preempt: Don’t touch the idle
task’s preempt_count during hotplug”) and commit f1a0a376ca0c (“sched/core:
Initialize the idle task with preemption disabled”), that justification no
longer holds.

The idle task isn’t supposed to re-enable preemption, so remove the
vestigial preempt_enable() from the CPU offline path.

Tested with pseries and powernv in qemu, and pseries on PowerVM.

Affected configurations

Vulners

Node

linuxlinux_kernelRange5.14–5.10.76

linuxlinux_kernelRange5.11.0–5.14.15

linuxlinux_kernelRange5.15.0≥

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/powerpc/kernel/smp.c"
    ],
    "versions": [
      {
        "version": "bdf4d33e8342",
        "lessThan": "53770a411559",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2c669ef6979c",
        "lessThan": "3ea0b497a7a2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2c669ef6979c",
        "lessThan": "787252a10d94",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/powerpc/kernel/smp.c"
    ],
    "versions": [
      {
        "version": "5.14",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.14",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.76",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14.15",
        "lessThanOrEqual": "5.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]