CVE-2025-40153

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/11/2025
Last modified:
12/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: hugetlb: avoid soft lockup when mprotect to large memory area

When calling mprotect() to a large hugetlb memory area in our customer's
workload (~300GB hugetlb memory), soft lockup was observed:

watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]

CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7
Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025
pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mte_clear_page_tags+0x14/0x24
lr : mte_sync_tags+0x1c0/0x240
sp : ffff80003150bb80
x29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000
x26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458
x23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000
x20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000
x2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000

Call trace:
  mte_clear_page_tags+0x14/0x24
  set_huge_pte_at+0x25c/0x280
  hugetlb_change_protection+0x220/0x430
  change_protection+0x5c/0x8c
  mprotect_fixup+0x10c/0x294
  do_mprotect_pkey.constprop.0+0x2e0/0x3d4
  __arm64_sys_mprotect+0x24/0x44
  invoke_syscall+0x50/0x160
  el0_svc_common+0x48/0x144
  do_el0_svc+0x30/0xe0
  el0_svc+0x30/0xf0
  el0t_64_sync_handler+0xc4/0x148
  el0t_64_sync+0x1a4/0x1a8

Soft lockup is not triggered with THP or base page because there is
cond_resched() called for each PMD size.

Although the soft lockup was triggered by MTE, it should be not MTE
specific. The other processing which takes long time in the loop may
trigger soft lockup too.

So add cond_resched() for hugetlb to avoid soft lockup.

Impact