In the ever-evolving world of software development, it's important to stay on top of newly discovered vulnerabilities and their related patches. Recently, an important vulnerability within the Linux kernel was resolved, effectively reverting the sched/fair commit to prevent system lockups. The commit in question can be identified with the ID bdefa7ae03ecf91b8bfd10ede430cff12fcbd06.

The Original Commit

The original commit aimed to modify the load balancing logic associated with sched/fair in order to continue searching for a detachable task even when encountering a pinned task. By ignoring env.max_loop, the hope was to make it easier for the system to find a detachable task buried deep within a lengthy list of pinned tasks. Here's a link to the original commit - bdefa7ae03ec

The change, however, inadvertently introduced an O(n) iteration by requiring detach_tasks() to completely enumerate every task on a CPU if the majority of them were pinned. As the load balancing code operates with rq lock held, often within a softirq context, this situation could trigger hard lockups within the system.

In one specific instance, this caused issues for a user who had assigned approximately 10,000 threads to a single CPU.

The Reversion

After discussing the issue with Vincent, an initial suggestion was made that would allow the algorithm to still search for detachable tasks without completely removing the task limit. This would have involved raising the number of detachable tasks that could be searched for concurrently.

However, after additional discussions on the mailing list, a general consensus was reached to revert the original patch, as it seemed unlikely anyone would be significantly affected by the original problem. This reverts the commit with ID bdefa7ae03ecf91b8bfd10ede430cff12fcbd06.

Here's a snippet of the code reversion

Revert "sched/fair: Make sure to try to detach at least one movable task"

This reverts commit bdefa7ae03ecf91b8bfd10ede430cff12fcbd06.

Conclusion

It's essential for developers, system administrators, and users to be aware of vulnerabilities like CVE-2024-42245 to ensure their systems are secure and up-to-date.

This particular Linux kernel vulnerability serves as a valuable reminder of the potential risks and unintended consequences associated with patches. By reverting the original patch and providing the proper solution, the developers have taken an important step towards maintaining the stability and security of the Linux kernel.

Timeline

Published on: 08/07/2024 16:15:47 UTC
Last modified on: 08/08/2024 14:53:19 UTC