{ "threat_severity" : "Moderate", "public_date" : "2024-02-27T00:00:00Z", "bugzilla" : { "description" : "kernel: tracing: Restructure trace_clock_global() to never block", "id" : "2266497", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2266497" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-833", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ntracing: Restructure trace_clock_global() to never block\nIt was reported that a fix to the ring buffer recursion detection would\ncause a hung machine when performing suspend / resume testing. The\nfollowing backtrace was extracted from debugging that case:\nCall Trace:\ntrace_clock_global+0x91/0xa0\n__rb_reserve_next+0x237/0x460\nring_buffer_lock_reserve+0x12a/0x3f0\ntrace_buffer_lock_reserve+0x10/0x50\n__trace_graph_return+0x1f/0x80\ntrace_graph_return+0xb7/0xf0\n? trace_clock_global+0x91/0xa0\nftrace_return_to_handler+0x8b/0xf0\n? pv_hash+0xa0/0xa0\nreturn_to_handler+0x15/0x30\n? ftrace_graph_caller+0xa0/0xa0\n? trace_clock_global+0x91/0xa0\n? __rb_reserve_next+0x237/0x460\n? ring_buffer_lock_reserve+0x12a/0x3f0\n? trace_event_buffer_lock_reserve+0x3c/0x120\n? trace_event_buffer_reserve+0x6b/0xc0\n? trace_event_raw_event_device_pm_callback_start+0x125/0x2d0\n? dpm_run_callback+0x3b/0xc0\n? pm_ops_is_empty+0x50/0x50\n? platform_get_irq_byname_optional+0x90/0x90\n? trace_device_pm_callback_start+0x82/0xd0\n? dpm_run_callback+0x49/0xc0\nWith the following RIP:\nRIP: 0010:native_queued_spin_lock_slowpath+0x69/0x200\nSince the fix to the recursion detection would allow a single recursion to\nhappen while tracing, this lead to the trace_clock_global() taking a spin\nlock and then trying to take it again:\nring_buffer_lock_reserve() {\ntrace_clock_global() {\narch_spin_lock() {\nqueued_spin_lock_slowpath() {\n/* lock taken */\n(something else gets traced by function graph tracer)\nring_buffer_lock_reserve() {\ntrace_clock_global() {\narch_spin_lock() {\nqueued_spin_lock_slowpath() {\n/* DEAD LOCK! */\nTracing should *never* block, as it can lead to strange lockups like the\nabove.\nRestructure the trace_clock_global() code to instead of simply taking a\nlock to update the recorded \"prev_time\" simply use it, as two events\nhappening on two different CPUs that calls this at the same time, really\ndoesn't matter which one goes first. Use a trylock to grab the lock for\nupdating the prev_time, and if it fails, simply try again the next time.\nIf it failed to be taken, that means something else is already updating\nit.\nBugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212761" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-08-08T00:00:00Z", "advisory" : "RHSA-2024:5102", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-08-08T00:00:00Z", "advisory" : "RHSA-2024:5101", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.16.1.el8_10" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-46939\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46939\nhttps://lore.kernel.org/linux-cve-announce/20240227184057.2368370-4-gregkh@linuxfoundation.org/T/#u" ], "name" : "CVE-2021-46939", "csaw" : false }