CVE-2024-49980

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/10/2024
Last modified: 31/10/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

vrf: revert "vrf: Remove unnecessary RCU-bh critical section"

This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853.

dev_queue_xmit_nit is expected to be called with BH disabled.
__dev_queue_xmit has the following:

    /* Disable soft irqs for various locks below. Also
     * stops preemption for RCU.
     */
    rcu_read_lock_bh();

VRF must follow this invariant. The referenced commit removed this
protection, which triggered a lockdep warning:

    ================================
    WARNING: inconsistent lock state
    6.11.0 #1 Tainted: G W
    --------------------------------
    inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
    btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes:
    ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30
    {IN-SOFTIRQ-W} state was registered at:
    lock_acquire+0x19a/0x4f0
    _raw_spin_lock+0x27/0x40
    packet_rcv+0xa33/0x1320
    __netif_receive_skb_core.constprop.0+0xcb0/0x3a90
    __netif_receive_skb_list_core+0x2c9/0x890
    netif_receive_skb_list_internal+0x610/0xcc0
    [...]

    other info that might help us debug this:
    Possible unsafe locking scenario:

    CPU0
    ----
    lock(rlock-AF_PACKET);

    lock(rlock-AF_PACKET);

    *** DEADLOCK ***

    Call Trace:

    dump_stack_lvl+0x73/0xa0
    mark_lock+0x102e/0x16b0
    __lock_acquire+0x9ae/0x6170
    lock_acquire+0x19a/0x4f0
    _raw_spin_lock+0x27/0x40
    tpacket_rcv+0x863/0x3b30
    dev_queue_xmit_nit+0x709/0xa40
    vrf_finish_direct+0x26e/0x340 [vrf]
    vrf_l3_out+0x5f4/0xe80 [vrf]
    __ip_local_out+0x51e/0x7a0
    [...]
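
The invariant described above, as an added userspace model in C (not kernel code and not part of the original record or the kernel patch): it tracks the two lockdep usage states named in the warning and shows why taking the AF_PACKET lock from the transmit-side tap without BH disabled is flagged, while the same call inside a BH-disabled section is not. The types `lock_class` and `cpu_ctx` and the functions `model_acquire` and `scenario` are hypothetical names chosen for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of lockdep's per-class usage bits (constructed for illustration). */
struct lock_class {
    bool in_softirq;  /* ever taken from softirq context  -> IN-SOFTIRQ-W */
    bool softirq_on;  /* ever taken with softirqs enabled -> SOFTIRQ-ON-W */
};

struct cpu_ctx {
    bool in_softirq;  /* currently running a softirq handler */
    int  bh_disabled; /* nesting depth of rcu_read_lock_bh()-style sections */
};

/* Record one acquisition. Returns true once the class has been taken both
 * from softirq and with softirqs enabled: a softirq could then interrupt a
 * holder on the same CPU and spin on the lock that CPU already holds. */
static bool model_acquire(struct lock_class *l, const struct cpu_ctx *c)
{
    if (c->in_softirq)
        l->in_softirq = true;
    else if (c->bh_disabled == 0)
        l->softirq_on = true;
    return l->in_softirq && l->softirq_on;
}

/* Receive side takes the lock in softirq (packet_rcv in the trace); the
 * transmit-side tap (dev_queue_xmit_nit -> tpacket_rcv) then takes it from
 * process context, with or without BH disabled around the call. */
static bool scenario(bool tx_disables_bh)
{
    struct lock_class af_packet = { false, false };
    struct cpu_ctx rx = { true, 0 };
    /* depth 1 models the caller sitting inside rcu_read_lock_bh() */
    struct cpu_ctx tx = { false, tx_disables_bh ? 1 : 0 };

    model_acquire(&af_packet, &rx);
    return model_acquire(&af_packet, &tx);
}

int main(void)
{
    printf("tap without BH disabled: %s\n", scenario(false) ? "inconsistent" : "ok");
    printf("tap with BH disabled:    %s\n", scenario(true) ? "inconsistent" : "ok");
    return 0;
}
```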

Vulnerable products and versions

CPE                                                 From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.6 (including)    6.6.55 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.7 (including)    6.10.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.11 (including)   6.11.3 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*