CVE-2024-35929

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()<br /> <br /> For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and<br /> CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()<br /> in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:<br /> <br /> CPU2 CPU11<br /> kthread<br /> rcu_nocb_cb_kthread ksys_write<br /> rcu_do_batch vfs_write<br /> rcu_torture_timer_cb proc_sys_write<br /> __kmem_cache_free proc_sys_call_handler<br /> kmemleak_free drop_caches_sysctl_handler<br /> delete_object_full drop_slab<br /> __delete_object shrink_slab<br /> put_object lazy_rcu_shrink_scan<br /> call_rcu rcu_nocb_flush_bypass<br /> __call_rcu_commn rcu_nocb_bypass_lock<br /> raw_spin_trylock(&amp;rdp-&gt;nocb_bypass_lock) fail<br /> atomic_inc(&amp;rdp-&gt;nocb_lock_contended);<br /> rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp-&gt;cpu);<br /> WARN_ON_ONCE(atomic_read(&amp;rdp-&gt;nocb_lock_contended)) |<br /> |_ _ _ _ _ _ _ _ _ _same rdp and rdp-&gt;cpu != 11_ _ _ _ _ _ _ _ _ __|<br /> <br /> Reproduce this bug with "echo 3 &gt; /proc/sys/vm/drop_caches".<br /> <br /> This commit therefore uses rcu_nocb_try_flush_bypass() instead of<br /> rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass<br /> queue is being flushed, then rcu_nocb_try_flush_bypass will return<br /> directly.