发布时间: 2024年8月1日
修改时间: 2024年8月2日
In the Linux kernel, the following vulnerability has been resolved:MIPS: smp: fill in sibling and core maps earlierAfter enabling CONFIG_SCHED_CORE (landed during 5.14 cycle),2-core 2-thread-per-core interAptiv (CPS-driven) started emittingthe following:[ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi))[ 0.048183] ------------[ cut here ]------------[ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240[ 0.048220] Modules linked in:[ 0.048233] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.17.0-rc3+ #35 b7b319f24073fd9a3c2aa7ad15fb7993eec0b26f[ 0.048247] Stack : 817f0000 00000004 327804c8 810eb050 00000000 00000004 00000000 c314fdd1[ 0.048278] 830cbd64 819c0000 81800000 817f0000 83070bf4 00000001 830cbd08 00000000[ 0.048307] 00000000 00000000 815fcbc4 00000000 00000000 00000000 00000000 00000000[ 0.048334] 00000000 00000000 00000000 00000000 817f0000 00000000 00000000 817f6f34[ 0.048361] 817f0000 818a3c00 817f0000 00000004 00000000 00000000 4dc33260 0018c933[ 0.048389] ...[ 0.048396] Call Trace:[ 0.048399] [<8105a7bc>] show_stack+0x3c/0x140[ 0.048424] [<8131c2a0>] dump_stack_lvl+0x60/0x80[ 0.048440] [<8108b5c0>] __warn+0xc0/0xf4[ 0.048454] [<8108b658>] warn_slowpath_fmt+0x64/0x10c[ 0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240[ 0.048483] [<810c6514>] sched_cpu_starting+0x14/0x80[ 0.048497] [<8108c0f8>] cpuhp_invoke_callback_range+0x78/0x140[ 0.048510] [<8108d914>] notify_cpu_starting+0x94/0x140[ 0.048523] [<8106593c>] start_secondary+0xbc/0x280[ 0.048539][ 0.048543] ---[ end trace 0000000000000000 ]---[ 0.048636] Synchronize counters for CPU 1: done....for each but CPU 0/boot.Basic debug printks right before the mentioned line say:[ 0.048170] CPU: 1, smt_mask:So smt_mask, which is sibling mask obviously, is empty when enteringthe function.This is critical, as sched_core_cpu_starting() calculatescore-scheduling parameters only once per CPU start, and it s crucialto have all the parameters filled in at that moment (at least ituses cpu_smt_mask() which in fact is `&cpu_sibling_map[cpu]` onMIPS).A bit of debugging led me to that set_cpu_sibling_map() performingthe actual map calculation, was being invocated afternotify_cpu_start(), and exactly the latter function starts CPU HPcallback round (sched_core_cpu_starting() is basically a CPU HPcallback).While the flow is same on ARM64 (maps after the notifier, althoughbefore calling set_cpu_online()), x86 started calculating siblingmaps earlier than starting the CPU HP callbacks in Linux 4.14 (see[0] for the reference). Neither me nor my brief tests couldn t findany potential caveats in calculating the maps right after performingdelay calibration, but the WARN splat is now gone.The very same debug prints now yield exactly what I expected fromthem:[ 0.048433] CPU: 1, smt_mask: 0-1[0] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=76ce7cfe35ef
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.5 | 5.5 |
| Attack Vector | Local | Local |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-4821 | kernel security update | 2024年8月2日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | kernel | Fixed |
| KY3.5.2 | kernel | Unaffected |
| V6 | kernel | Unaffected |
