CVE-2024-27055: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() - Greg Kroah-Hartman

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: CVE-2024-27055: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()
Date: Wed,  1 May 2024 14:57:40 +0200	[thread overview]
Message-ID: <2024050115-CVE-2024-27055-449e@gregkh> (raw)

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()

For wq_update_node_max_active(), @off_cpu of -1 indicates that no CPU is
going down. The function was incorrectly calling cpumask_test_cpu() with -1
CPU leading to oopses like the following on some archs:

  Unable to handle kernel paging request at virtual address ffff0002100296e0
  ..
  pc : wq_update_node_max_active+0x50/0x1fc
  lr : wq_update_node_max_active+0x1f0/0x1fc
  ...
  Call trace:
    wq_update_node_max_active+0x50/0x1fc
    apply_wqattrs_commit+0xf0/0x114
    apply_workqueue_attrs_locked+0x58/0xa0
    alloc_workqueue+0x5ac/0x774
    workqueue_init_early+0x460/0x540
    start_kernel+0x258/0x684
    __primary_switched+0xb8/0xc0
  Code: 9100a273 35000d01 53067f00 d0016dc1 (f8607a60)
  ---[ end trace 0000000000000000 ]---
  Kernel panic - not syncing: Attempted to kill the idle task!
  ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---

Fix it.

The Linux kernel CVE team has assigned CVE-2024-27055 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 6.6.23 with commit 5a70baec2294 and fixed in 6.6.25 with commit a75ac2693d73
	Issue introduced in 6.8.2 with commit 843288afd3cc and fixed in 6.8.4 with commit adc646d21269

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-27055
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	kernel/workqueue.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/7df62b8cca38aa452b508b477b16544cba615084
	https://git.kernel.org/stable/c/a75ac2693d734d20724f0e10e039ca85f1fcfc4e
	https://git.kernel.org/stable/c/38c19c44cc05ec1e84d2e31a9a289b83b6c7ec85
	https://git.kernel.org/stable/c/9fc557d489f8163c1aabcb89114b8eba960f4097
	https://git.kernel.org/stable/c/adc646d2126988a64234502f579e4bc2b080d7cf
	https://git.kernel.org/stable/c/15930da42f8981dc42c19038042947b475b19f47