CVE-2024-40980
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/07/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

drop_monitor: replace spin_lock by raw_spin_lock

trace_drop_common() is called with preemption disabled, and it acquires
a spin_lock. This is problematic for RT kernels because spin_locks are
sleeping locks in this configuration, which causes the following splat:

```
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47
preempt_count: 1, expected: 0
RCU nest depth: 2, expected: 2
5 locks held by rcuc/47/449:
#0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210
#1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130
#2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210
#3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70
#4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290
irq event stamp: 139909
hardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80
hardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290
softirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170
softirqs last disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0
Preemption disabled at:
[] rt_mutex_slowunlock+0xab/0x2e0
CPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7
Hardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022
Call Trace:

dump_stack_lvl+0x8c/0xd0
dump_stack+0x14/0x20
__might_resched+0x21e/0x2f0
rt_spin_lock+0x5e/0x130
? trace_drop_common.constprop.0+0xb5/0x290
? skb_queue_purge_reason.part.0+0x1bf/0x230
trace_drop_common.constprop.0+0xb5/0x290
? preempt_count_sub+0x1c/0xd0
? _raw_spin_unlock_irqrestore+0x4a/0x80
? __pfx_trace_drop_common.constprop.0+0x10/0x10
? rt_mutex_slowunlock+0x26a/0x2e0
? skb_queue_purge_reason.part.0+0x1bf/0x230
? __pfx_rt_mutex_slowunlock+0x10/0x10
? skb_queue_purge_reason.part.0+0x1bf/0x230
trace_kfree_skb_hit+0x15/0x20
trace_kfree_skb+0xe9/0x150
kfree_skb_reason+0x7b/0x110
skb_queue_purge_reason.part.0+0x1bf/0x230
? __pfx_skb_queue_purge_reason.part.0+0x10/0x10
? mark_lock.part.0+0x8a/0x520
...
```

trace_drop_common() also disables interrupts, but this is a minor issue
because we could easily replace it with a local_lock.

Replace the spin_lock with raw_spin_lock to avoid sleeping in atomic
context.
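
For triage on PREEMPT_RT hosts, the following added example (not part of the advisory or of the kernel patch) scans kernel log text for the splat quoted above and flags the case where rt_spin_lock is entered directly from trace_drop_common() in atomic context. The function names `triage` and `matches_drop_monitor` are hypothetical, and the sample log is constructed by abridging the splat in the description.

```python
import re

# Constructed sample: abridged from the splat quoted in the description.
SAMPLE_LOG = """\
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47
5 locks held by rcuc/47/449:
 #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70
 #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290
Call Trace:
 rt_spin_lock+0x5e/0x130
 ? trace_drop_common.constprop.0+0xb5/0x290
 trace_drop_common.constprop.0+0xb5/0x290
 trace_kfree_skb_hit+0x15/0x20
"""

BUG_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
CTX_RE = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+)")
LOCK_RE = re.compile(r"#\d+: [0-9a-f]+ \((.+?)\)\{.*?, at: ([\w.]+)\+0x")
FRAME_RE = re.compile(r"^\s*(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")

def triage(log):
    """Return one dict per 'sleeping function' splat found in the log text."""
    splats, cur, in_trace = [], None, False
    for line in log.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]\s*", "", line)  # drop dmesg timestamp
        if m := BUG_RE.search(line):
            cur = {"site": m.group(1), "in_atomic": None,
                   "irqs_disabled": None, "locks": [], "frames": []}
            splats.append(cur)
            in_trace = False
        elif cur is None:
            continue  # nothing to attach this line to yet
        elif m := CTX_RE.search(line):
            cur["in_atomic"], cur["irqs_disabled"] = int(m.group(1)), int(m.group(2))
        elif m := LOCK_RE.search(line):
            cur["locks"].append((m.group(1), m.group(2)))  # (lock name, taken at)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME_RE.match(line)):
            if not m.group(1):  # skip '?' frames: unreliable stack entries
                cur["frames"].append(m.group(2))
    return splats

def matches_drop_monitor(splat):
    """True when rt_spin_lock is called from trace_drop_common() while atomic."""
    f = [name.split(".")[0] for name in splat["frames"]]  # strip .constprop.0 etc.
    hit = any(a == "rt_spin_lock" and b == "trace_drop_common" for a, b in zip(f, f[1:]))
    return splat["in_atomic"] == 1 and hit
```
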
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.279 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.221 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.162 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.96 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.36 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.7 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/07ea878684dfb78a9d4f564c39d07e855a9e242e
- https://git.kernel.org/stable/c/594e47957f3fe034645e6885393ce96c12286334
- https://git.kernel.org/stable/c/76ce2f9125244e1708d29c1d3f9d1d50b347bda0
- https://git.kernel.org/stable/c/96941f29ebcc1e9cbf570dc903f30374909562f5
- https://git.kernel.org/stable/c/b3722fb69468693555f531cddda5c30444726dac
- https://git.kernel.org/stable/c/f1e197a665c2148ebc25fe09c53689e60afea195
- https://git.kernel.org/stable/c/f251ccef1d864790e5253386e95544420b7cd8f3
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html



