CVE-2024-56585 in Linux

Summary

by MITRE • 12/27/2024

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Fix sleeping in atomic context for PREEMPT_RT

Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic context" error:

[ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
[ 0.372268] preempt_count: 1, expected: 0
[ 0.372270] RCU nest depth: 1, expected: 1
[ 0.372272] 3 locks held by swapper/1/0:
[ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60
[ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140
[ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0
[ 0.372314] irq event stamp: 0
[ 0.372316] hardirqs last enabled at (0): [] 0x0
[ 0.372322] hardirqs last disabled at (0): [] copy_process+0x9c0/0x26e0
[ 0.372329] softirqs last enabled at (0): [] copy_process+0x9c0/0x26e0
[ 0.372335] softirqs last disabled at (0): [] 0x0
[ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891
[ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022
[ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000
[ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788
[ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001
[ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0
[ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003
[ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003
[ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004
[ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000
[ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000
[ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000
[ 0.372537] ...
[ 0.372540] Call Trace:
[ 0.372542] [] show_stack+0x38/0x180
[ 0.372548] [] dump_stack_lvl+0x94/0xe4
[ 0.372555] [] __might_resched+0x1a0/0x260
[ 0.372561] [] rt_spin_lock+0x4c/0x140
[ 0.372565] [] __rmqueue_pcplist+0x308/0xea0
[ 0.372570] [] get_page_from_freelist+0x564/0x1c60
[ 0.372575] [] __alloc_pages_noprof+0x218/0x1820
[ 0.372580] [] tlb_init+0x1ac/0x298
[ 0.372585] [] per_cpu_trap_init+0x114/0x140
[ 0.372589] [] cpu_probe+0x4e4/0xa60
[ 0.372592] [] start_secondary+0x34/0xc0
[ 0.372599] [] smpboot_entry+0x64/0x6c

This is because in PREEMPT_RT kernels normal spinlocks are replaced by rt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling NUMA optimization completely for PREEMPT_RT kernels.


Analysis

by VulDB Data Team • 01/05/2026

The vulnerability CVE-2024-56585 affects the Linux kernel's LoongArch architecture implementation and arises specifically in PREEMPT_RT kernel configurations. This flaw manifests as a "sleeping in atomic context" error that occurs during kernel initialization when the system attempts to set up TLB handlers. The root cause stems from an incorrect GFP flag usage in the alloc_pages_node() function, where the transition from GFP_KERNEL to GFP_ATOMIC was intended to prevent sleeping but proved insufficient in PREEMPT_RT environments. The issue is particularly critical because it occurs during early boot phases when the kernel is initializing CPU components and setting up memory management structures.

The technical flaw arises from the fundamental differences between standard Linux kernel locking mechanisms and those used in PREEMPT_RT configurations. In standard kernels, spinlocks are implemented as simple spinlocks that cannot sleep, but in PREEMPT_RT kernels, these are replaced with real-time spinlocks that can indeed cause sleeping behavior when contention occurs. The stack trace reveals that the issue originates from rt_spin_lock() calls within the memory allocation path, specifically during tlb_init() and per_cpu_trap_init() functions. The error shows that the system is in atomic context with in_atomic() returning 1, indicating that sleeping operations are not permitted, yet the rt_spin_lock() function attempts to sleep, violating kernel safety constraints.

This vulnerability directly impacts system stability and boot processes, particularly affecting systems running PREEMPT_RT enabled kernels on LoongArch hardware. The operational consequences extend beyond simple boot failures to potentially causing system crashes or hangs during critical initialization phases. The vulnerability is classified under CWE-367, which addresses Time-of-Check to Time-of-Use (TOCTOU) errors and improper handling of atomic contexts, and aligns with ATT&CK technique T1490 for Deobfuscation, as the issue involves incorrect context handling during kernel boot. The problem occurs during kernel initialization when the system attempts to set up per-CPU trap handling and TLB management structures, making it particularly dangerous for real-time systems that depend on deterministic behavior.

The recommended mitigation strategy involves disabling NUMA optimization completely for PREEMPT_RT kernels, as suggested by the patch resolution. This approach ensures that the problematic allocation paths that could lead to sleeping in atomic contexts are bypassed entirely. System administrators should consider this patch carefully, as disabling NUMA optimization may impact performance on multi-socket systems. The fix represents a defensive programming approach that prioritizes correctness over optimization, aligning with security best practices for real-time kernel configurations. Organizations running PREEMPT_RT enabled systems on LoongArch architecture should prioritize applying this fix to prevent potential system instability and ensure proper boot behavior. The solution also demonstrates the importance of considering real-time kernel constraints when implementing memory management optimizations, particularly in embedded and industrial systems where deterministic behavior is critical.

Responsible: Linux
Reservation: 12/27/2024
Disclosure: 12/27/2024
Moderation: accepted
CPE: ready
EPSS: 0.00044
KEV: no
Activities: very low
