Description
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users.
Product status
7679ba6b36dbb300b757b672d6a32a606499e14b (git) before 687ccdf582169cd680aeaf24cc953807c4cd4345
7679ba6b36dbb300b757b672d6a32a606499e14b (git) before 12f2341b4c235d5593a433abac201c1c6725787f
7679ba6b36dbb300b757b672d6a32a606499e14b (git) before ec05f51f1e65bce95528543eb73fda56fd201d94
6.9
Any version before 6.9
6.18.27 (semver)
7.0.4 (semver)
7.1-rc1 (original_commit_for_fix)
References
git.kernel.org/...c/687ccdf582169cd680aeaf24cc953807c4cd4345
git.kernel.org/...c/12f2341b4c235d5593a433abac201c1c6725787f
git.kernel.org/...c/ec05f51f1e65bce95528543eb73fda56fd201d94