CVE-2025-40153
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
12/11/2025
Last modified:
12/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

mm: hugetlb: avoid soft lockup when mprotect to large memory area

When calling mprotect() to a large hugetlb memory area in our customer's
workload (~300GB hugetlb memory), soft lockup was observed:

watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]

CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7
Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025
pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mte_clear_page_tags+0x14/0x24
lr : mte_sync_tags+0x1c0/0x240
sp : ffff80003150bb80
x29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000
x26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458
x23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000
x20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000
x2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000

Call trace:
mte_clear_page_tags+0x14/0x24
set_huge_pte_at+0x25c/0x280
hugetlb_change_protection+0x220/0x430
change_protection+0x5c/0x8c
mprotect_fixup+0x10c/0x294
do_mprotect_pkey.constprop.0+0x2e0/0x3d4
__arm64_sys_mprotect+0x24/0x44
invoke_syscall+0x50/0x160
el0_svc_common+0x48/0x144
do_el0_svc+0x30/0xe0
el0_svc+0x30/0xf0
el0t_64_sync_handler+0xc4/0x148
el0t_64_sync+0x1a4/0x1a8

Soft lockup is not triggered with THP or base page because there is
cond_resched() called for each PMD size.

Although the soft lockup was triggered by MTE, it should not be MTE
specific. The other processing which takes a long time in the loop may
trigger soft lockup too.

So add cond_resched() for hugetlb to avoid soft lockup.
Impact
References to solutions, tools and information
- https://git.kernel.org/stable/c/30498c44c2a0b20f6833ed7d8fc3df901507f760
- https://git.kernel.org/stable/c/4975c975ed9457a77953a26aeef85fdba7cf5498
- https://git.kernel.org/stable/c/547e123e9d342a44c756446640ed847a8aeec611
- https://git.kernel.org/stable/c/5783485ab2be06be5312b26c8793526edc09123d
- https://git.kernel.org/stable/c/957faf9582f92bb2be8ebe4ab6aa1c2bc71d9859
- https://git.kernel.org/stable/c/964598e6f70a1be9fe675280bf16b4f96b0a6809
- https://git.kernel.org/stable/c/c6096f3947f68f96defedb8764b3b1ca4cf3469f
- https://git.kernel.org/stable/c/f52ce0ea90c83a28904c7cc203a70e6434adfecb



