CVE-2024-42316

Severity CVSS v4.0: Pending analysis
Type: CWE-369 Divide By Zero
Publication date: 17/08/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/mglru: fix div-by-zero in vmpressure_calc_level()

evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation.

The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails.

The underflow can cause the divisor, i.e., scale=scanned+reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash:

[exception RIP: vmpressure_work_fn+101]
process_one_work at ffffffffa3313f2b

Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios().
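The arithmetic described above, as an added example that is not kernel source and not part of the original advisory: a user-space C model of how deducting from an unsigned counter that was never incremented wraps it around, so that scanned + reclaimed sums to zero. All function names and sample values are constructed, the percentage is a stand-in for the real calculation, and the zero check in guarded_percent() is an illustrative defensive guard, not the upstream fix (which removes the deduction).

```c
#include <limits.h>
#include <stdio.h>

/* Pre-fix accounting model (hypothetical helper, not kernel code):
 * the first pass adds `added`, the second pass deducts `deducted`. */
unsigned long account_with_deduction(unsigned long nr_scanned,
                                     unsigned long added,
                                     unsigned long deducted)
{
    nr_scanned += added;
    nr_scanned -= deducted;   /* unsigned: wraps if deducted > nr_scanned */
    return nr_scanned;
}

/* Post-fix model: nothing is deducted in the second pass. */
unsigned long account_without_deduction(unsigned long nr_scanned,
                                        unsigned long added)
{
    return nr_scanned + added;
}

/* The divisor named in the advisory: scale = scanned + reclaimed. */
unsigned long scale_of(unsigned long scanned, unsigned long reclaimed)
{
    return scanned + reclaimed;
}

/* Stand-in ratio that returns -1 instead of dividing when scale == 0. */
long guarded_percent(unsigned long scanned, unsigned long reclaimed)
{
    unsigned long scale = scale_of(scanned, reclaimed);
    if (scale == 0)
        return -1;
    return (long)(reclaimed * 100 / scale);
}

int main(void)
{
    /* Constructed values: the lock attempt failed, so 0 was added but 4 deducted. */
    unsigned long bad = account_with_deduction(0, 0, 4);
    unsigned long good = account_without_deduction(0, 0);
    printf("pre-fix  scanned=%lu scale=%lu guarded=%ld\n",
           bad, scale_of(bad, 4), guarded_percent(bad, 4));
    printf("post-fix scanned=%lu scale=%lu guarded=%ld\n",
           good, scale_of(good, 4), guarded_percent(good, 4));
    return 0;
}
```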

Vulnerable products and versions

CPE                                              From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.1 (including)   6.1.103 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.2 (including)   6.6.44 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.7 (including)   6.10.3 (excluding)