migrate: correct lock ordering for hugetlb file folios
Description
In the Linux kernel, the following vulnerability has been resolved:
migrate: correct lock ordering for hugetlb file folios
Syzbot has found a deadlock (analyzed by Lance Yang):
1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Holds i_mmap_rwsem(write lock), then tries to acquire folio_lock.
migrate_pages() -> migrate_hugetlbs() -> unmap_and_move_huge_page() <- Takes folio_lock! -> remove_migration_ptes() -> __rmap_walk_file() -> i_mmap_lock_read() <- Waits for i_mmap_rwsem(read lock)!
hugetlbfs_fallocate() -> hugetlbfs_punch_hole() <- Takes i_mmap_rwsem(write lock)! -> hugetlbfs_zero_partial_page() -> filemap_lock_hugetlb_folio() -> filemap_lock_folio() -> __filemap_get_folio <- Waits for folio_lock!
The migration path is the one taking locks in the wrong order according to the documentation at the top of mm/rmap.c. So expand the scope of the existing i_mmap_lock to cover the calls to remove_migration_ptes() too.
This is (mostly) how it used to be after commit c0d0381ade79. That was removed by 336bf30eb765 for both file & anon hugetlb pages when it should only have been removed for anon hugetlb pages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
115- osv-coords114 versionspkg:rpm/almalinux/bpftoolpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-modules-extra-matchedpkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rvpkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 4.18.0-553.109.1.el8_10+ 113 more
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 6.12.0-124.43.1.el10_1
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.rt7.450.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 4.18.0-553.109.1.el8_10
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 5.14.0-611.36.1.el9_7
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1.160000.2.8
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1.160000.2.8
- (no CPE)range: < 6.12.0-160000.27.1.160000.2.8
- (no CPE)range: < 6.12.0-160000.27.1.160000.2.8
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
- (no CPE)range: < 6.12.0-160000.27.1
Patches
Vulnerability mechanics
References
7- git.kernel.org/stable/c/1b68efce6dd483d22f50d0d3800c4cfda14b1305mitre
- git.kernel.org/stable/c/526394af4e8ade89cacd1a9ce2b97712712fcc34mitre
- git.kernel.org/stable/c/5edb9854f8df5428b40990a1c7d60507da5bd330mitre
- git.kernel.org/stable/c/ad97b9a55246eb940a26ac977f80892a395cabf9mitre
- git.kernel.org/stable/c/b75070823b89009f5123fd0e05a8e0c3d39937c1mitre
- git.kernel.org/stable/c/b7880cb166ab62c2409046b2347261abf701530emitre
- git.kernel.org/stable/c/e7396d23f9d5739f56cf9ab430c3a169f5508394mitre
News mentions
0No linked articles in our index yet.