-

CVE-2025-40153

In the Linux kernel, the following vulnerability has been resolved:

mm: hugetlb: avoid soft lockup when mprotect to large memory area

When calling mprotect() to a large hugetlb memory area in our customer's
workload (~300GB hugetlb memory), soft lockup was observed:

watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]

CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7
Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025
pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mte_clear_page_tags+0x14/0x24
lr : mte_sync_tags+0x1c0/0x240
sp : ffff80003150bb80
x29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000
x26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458
x23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000
x20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000
x2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000

Call trace:
  mte_clear_page_tags+0x14/0x24
  set_huge_pte_at+0x25c/0x280
  hugetlb_change_protection+0x220/0x430
  change_protection+0x5c/0x8c
  mprotect_fixup+0x10c/0x294
  do_mprotect_pkey.constprop.0+0x2e0/0x3d4
  __arm64_sys_mprotect+0x24/0x44
  invoke_syscall+0x50/0x160
  el0_svc_common+0x48/0x144
  do_el0_svc+0x30/0xe0
  el0_svc+0x30/0xf0
  el0t_64_sync_handler+0xc4/0x148
  el0t_64_sync+0x1a4/0x1a8

Soft lockup is not triggered with THP or base page because there is
cond_resched() called for each PMD size.

Although the soft lockup was triggered by MTE, it should be not MTE
specific.  The other processing which takes long time in the loop may
trigger soft lockup too.

So add cond_resched() for hugetlb to avoid soft lockup.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 30498c44c2a0b20f6833ed7d8fc3df901507f760
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
Version < 5783485ab2be06be5312b26c8793526edc09123d
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
Version < 547e123e9d342a44c756446640ed847a8aeec611
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
Version < 957faf9582f92bb2be8ebe4ab6aa1c2bc71d9859
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
Version < 964598e6f70a1be9fe675280bf16b4f96b0a6809
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
Version < 4975c975ed9457a77953a26aeef85fdba7cf5498
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
Version < c6096f3947f68f96defedb8764b3b1ca4cf3469f
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
Version < f52ce0ea90c83a28904c7cc203a70e6434adfecb
Version 8f860591ffb29738cf5539b6fbf27f50dcdeb380
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 2.6.17
Status affected
Version < 2.6.17
Version 0
Status unaffected
Version <= 5.4.*
Version 5.4.301
Status unaffected
Version <= 5.10.*
Version 5.10.246
Status unaffected
Version <= 5.15.*
Version 5.15.195
Status unaffected
Version <= 6.1.*
Version 6.1.156
Status unaffected
Version <= 6.6.*
Version 6.6.112
Status unaffected
Version <= 6.12.*
Version 6.12.53
Status unaffected
Version <= 6.17.*
Version 6.17.3
Status unaffected
Version <= *
Version 6.18
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.193
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String