THREATINT

CVE
PUBLISHED

CVE-2021-47387

cpufreq: schedutil: Use kobject release() method to free sugov_tunables

Assigner: Linux
Reserved: 2024-05-21
Published: 2024-05-21
Updated: 2024-06-11

Description

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: schedutil: Use kobject release() method to free sugov_tunables

The struct sugov_tunables is protected by the kobject, so we can't free it directly. Otherwise we would get a call trace like this:

  ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30
  WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100
  Modules linked in:
  CPU: 3 PID: 720 Comm: a.sh Tainted: G W 5.14.0-rc1-next-20210715-yocto-standard+ #507
  Hardware name: Marvell OcteonTX CN96XX board (DT)
  pstate: 40400009 (nZcv daif +PAN -UAO -TCO BTYPE=--)
  pc : debug_print_object+0xb8/0x100
  lr : debug_print_object+0xb8/0x100
  sp : ffff80001ecaf910
  x29: ffff80001ecaf910 x28: ffff00011b10b8d0 x27: ffff800011043d80
  x26: ffff00011a8f0000 x25: ffff800013cb3ff0 x24: 0000000000000000
  x23: ffff80001142aa68 x22: ffff800011043d80 x21: ffff00010de46f20
  x20: ffff800013c0c520 x19: ffff800011d8f5b0 x18: 0000000000000010
  x17: 6e6968207473696c x16: 5f72656d6974203a x15: 6570797420746365
  x14: 6a626f2029302065 x13: 303378302f307830 x12: 2b6e665f72656d69
  x11: ffff8000124b1560 x10: ffff800012331520 x9 : ffff8000100ca6b0
  x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 0000000000000001
  x5 : ffff800011d8c000 x4 : ffff800011d8c740 x3 : 0000000000000000
  x2 : ffff0001108301c0 x1 : ab3c90eedf9c0f00 x0 : 0000000000000000
  Call trace:
   debug_print_object+0xb8/0x100
   __debug_check_no_obj_freed+0x1c0/0x230
   debug_check_no_obj_freed+0x20/0x88
   slab_free_freelist_hook+0x154/0x1c8
   kfree+0x114/0x5d0
   sugov_exit+0xbc/0xc0
   cpufreq_exit_governor+0x44/0x90
   cpufreq_set_policy+0x268/0x4a8
   store_scaling_governor+0xe0/0x128
   store+0xc0/0xf0
   sysfs_kf_write+0x54/0x80
   kernfs_fop_write_iter+0x128/0x1c0
   new_sync_write+0xf0/0x190
   vfs_write+0x2d4/0x478
   ksys_write+0x74/0x100
   __arm64_sys_write+0x24/0x30
   invoke_syscall.constprop.0+0x54/0xe0
   do_el0_svc+0x64/0x158
   el0_svc+0x2c/0xb0
   el0t_64_sync_handler+0xb0/0xb8
   el0t_64_sync+0x198/0x19c
  irq event stamp: 5518
  hardirqs last enabled at (5517): [<ffff8000100cbd7c>] console_unlock+0x554/0x6c8
  hardirqs last disabled at (5518): [<ffff800010fc0638>] el1_dbg+0x28/0xa0
  softirqs last enabled at (5504): [<ffff8000100106e0>] __do_softirq+0x4d0/0x6c0
  softirqs last disabled at (5483): [<ffff800010049548>] irq_exit+0x1b0/0x1b8

So split the original sugov_tunables_free() into two functions, sugov_clear_global_tunables() is just used to clear the global_tunables and the new sugov_tunables_free() is used as kobj_type::release to release the sugov_tunables safely.
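
The split described above, as a simplified userspace model added here (it is not the kernel patch and not code from this page). struct kobj, kobj_get() and kobj_put() are assumed stand-ins for the kernel's kobject API, and the second reference holder is a constructed scenario. The exit path only clears the global pointer and drops its reference; the memory is freed solely from the release callback once the last reference is gone.

```c
#include <stddef.h>
#include <stdlib.h>
/* Userspace stand-in for the kernel's kobject/kobj_type (assumed, simplified). */
struct kobj { int refs; void (*release)(struct kobj *); };
struct tunables { struct kobj kobj; unsigned int rate_limit_us; };
static struct tunables *global_tunables; /* models the governor's global pointer */
static int released;                     /* number of release() calls so far */

static void kobj_get(struct kobj *k) { k->refs++; }
static void kobj_put(struct kobj *k) { if (--k->refs == 0) k->release(k); }

/* Role of the new sugov_tunables_free(): the only place the memory is freed. */
static void tunables_release(struct kobj *k)
{
    struct tunables *t = (struct tunables *)((char *)k - offsetof(struct tunables, kobj));
    released++;
    free(t);
}

static struct tunables *tunables_alloc(void)
{
    struct tunables *t = calloc(1, sizeof(*t));
    if (!t) return NULL;
    t->kobj.refs = 1;
    t->kobj.release = tunables_release;
    return global_tunables = t;
}

/* Role of sugov_clear_global_tunables(): forget the pointer, free nothing. */
static void clear_global_tunables(void) { global_tunables = NULL; }

static void governor_exit(struct tunables *t)
{
    clear_global_tunables();
    kobj_put(&t->kobj); /* not free(t): the kobject may still be referenced */
}

/* Constructed scenario: a second holder keeps a reference across governor exit. */
int exit_with_outstanding_ref(void)
{
    struct tunables *t = tunables_alloc();
    if (!t) return -1;
    released = 0;
    kobj_get(&t->kobj);           /* second holder */
    governor_exit(t);
    int freed_at_exit = released; /* 0: object still alive */
    t->rate_limit_us = 500;       /* still valid memory, no use-after-free */
    kobj_put(&t->kobj);           /* last reference dropped, release() runs */
    return freed_at_exit * 10 + released; /* 1 = freed once, only after last put */
}
```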

Product status

Default status: unaffected

9bdcb44e391d before cb4a53ba3753: affected
9bdcb44e391d before 463c46705f32: affected
9bdcb44e391d before 30d57cf2c411: affected
9bdcb44e391d before 67c98e023135: affected
9bdcb44e391d before a7d4fc84404d: affected
9bdcb44e391d before 8d62aec52a8c: affected
9bdcb44e391d before e5c6b312ce3c: affected

Default status: affected

4.7: affected
Any version before 4.7: unaffected
4.9.285: unaffected
4.14.249: unaffected
4.19.209: unaffected
5.4.151: unaffected
5.10.71: unaffected
5.14.10: unaffected
5.15: unaffected

References

https://git.kernel.org/stable/c/cb4a53ba37532c861a5f3f22803391018a41849a

https://git.kernel.org/stable/c/463c46705f321201090b69c4ad5da0cd2ce614c9

https://git.kernel.org/stable/c/30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c

https://git.kernel.org/stable/c/67c98e023135ff81b8d52998a6fdb8ca0c518d82

https://git.kernel.org/stable/c/a7d4fc84404d45d72f4490417e8cc3efa4af93f1

https://git.kernel.org/stable/c/8d62aec52a8c5b1d25a2364b243fcc5098a2ede9

https://git.kernel.org/stable/c/e5c6b312ce3cc97e90ea159446e6bfa06645364d

cve.org CVE-2021-47387

nvd.nist.gov CVE-2021-47387
