CVE-2024-26759

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
03/04/2024
Last modified:
16/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/swap: fix race when skipping swapcache

When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption.

One possible callstack is like this:

CPU0                 CPU1
----                 ----
do_swap_page()       do_swap_page() with same entry

swap_read_folio()

Vulnerable products and versions

CPE                                                From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.15 (including)   6.1.80 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.2 (including)    6.6.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.7 (including)    6.7.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
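
A way to check a kernel release string against the ranges listed above, as an added example that is not part of the advisory; the function names are chosen here. It assumes the string carries the upstream version: distribution kernels that backport the fix without changing the base version have to be checked against the vendor's own advisory.

```python
import platform
import re

# Ranges from the table above: (first affected, inclusive), (first fixed, exclusive)
AFFECTED_RANGES = [
    ((4, 15, 0), (6, 1, 80)),
    ((6, 2, 0), (6, 6, 19)),
    ((6, 7, 0), (6, 7, 7)),
]
# Pre-releases the table lists one by one
AFFECTED_RC = {(6, 8): {1, 2, 3, 4, 5}}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), rc or None)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def is_affected(release):
    """True if the upstream version is inside a range the table lists."""
    version, rc = parse_release(release)
    if rc is not None:
        if rc in AFFECTED_RC.get(version[:2], set()):
            return True
        # Any other release candidate sorts just before x.y.0
        version = (version[0], version[1], -1)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample strings, followed by the running kernel's own release
    for sample in ["4.14.336", "6.1.79", "6.1.80", "6.6.18", "6.8.0-rc5",
                   "6.8.1", platform.release()]:
        try:
            verdict = "affected" if is_affected(sample) else "not in listed ranges"
        except ValueError as exc:
            verdict = str(exc)
        print(f"{sample:<24} {verdict}")
```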