In the Linux kernel, the following vulnerability has been resolved: **RISCV:** Rewrite of `__kernel_map_pages()` to prevent sleeping in an invalid context. `__kernel_map_pages()` is a debugging function that clears the “valid” bit in page table entries for deallocated pages, thereby detecting illegal memory accesses to freed pages. This function sets/clears the “valid” bit using `__set_memory()`. `__set_memory()` acquires `init_mm`'s semaphore, and this operation may cause a sleep. This is problematic because `__kernel_map_pages()` can be called in an atomic context, and thus sleeping is illegal. An example warning that this causes: **BUG:** A sleeping function is called from an invalid context at `kernel/locking/rwsem.c:1578`. `in_atomic()`: 1, `irqs_disabled()`: 0, `non_block`: 0, `pid`: 2, `name`: `kthreadd`, `preempt_count`: 2, `expected`: 0. **CPU**: 0, **PID**: 2, **Comm**: `kthreadd`, Not tainted, 6.9.0-g1d4c6d784ef6 #37. **Hardware name**: `riscv-virtio,qemu` (DT). **Call trace:** [] `dump_backtrace+0x1c/0x24`. [] `show_stack+0x2c/0x38`. [] `dump_stack_lvl+0x5a/0x72`. [] `dump_stack+0x14/0x1c`. [] `__might_resched+0x104/0x10e`. [] `__might_sleep+0x3e/0x62`. [] `down_write+0x20/0x72`. [] `__set_memory+0x82/0x2fa`. [] `__kernel_map_pages+0x5a/0xd4`. [] `__alloc_pages_bulk+0x3b2/0x43a`. [] `__vmalloc_node_range+0x196/0x6ba`. [] `copy_process+0x72c/0x17ec`. [] `kernel_clone+0x60/0x2fe`. [] `kernel_thread+0x82/0xa0`. [] `kthreadd+0x14a/0x1be`. [] `ret_from_fork+0xe/0x1c`. Rewrite this function using `apply_to_existing_page_range()`. It’s acceptable to not have any locking, because `__kernel_map_pages()` operates on pages that are being allocated/deallocated, and those pages are not changed by anyone else during its execution.

Query Builder