{"id":"CVE-2022-48731","summary":"mm/kmemleak: avoid scanning potential huge holes","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/kmemleak: avoid scanning potential huge holes\n\nWhen using devm_request_free_mem_region() and devm_memremap_pages() to\nadd ZONE_DEVICE memory, if requested free mem region's end pfn were\nhuge(e.g., 0x400000000), the node_end_pfn() will be also huge (see\nmove_pfn_range_to_zone()).  Thus it creates a huge hole between\nnode_start_pfn() and node_end_pfn().\n\nWe found on some AMD APUs, amdkfd requested such a free mem region and\ncreated a huge hole.  In such a case, following code snippet was just\ndoing busy test_bit() looping on the huge hole.\n\n  for (pfn = start_pfn; pfn \u003c end_pfn; pfn++) {\n\tstruct page *page = pfn_to_online_page(pfn);\n\t\tif (!page)\n\t\t\tcontinue;\n\t...\n  }\n\nSo we got a soft lockup:\n\n  watchdog: BUG: soft lockup - CPU#6 stuck for 26s! [bash:1221]\n  CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1\n  RIP: 0010:pfn_to_online_page+0x5/0xd0\n  Call Trace:\n    ? kmemleak_scan+0x16a/0x440\n    kmemleak_write+0x306/0x3a0\n    ? common_file_perm+0x72/0x170\n    full_proxy_write+0x5c/0x90\n    vfs_write+0xb9/0x260\n    ksys_write+0x67/0xe0\n    __x64_sys_write+0x1a/0x20\n    do_syscall_64+0x3b/0xc0\n    entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nI did some tests with the patch.\n\n(1) amdgpu module unloaded\n\nbefore the patch:\n\n  real    0m0.976s\n  user    0m0.000s\n  sys     0m0.968s\n\nafter the patch:\n\n  real    0m0.981s\n  user    0m0.000s\n  sys     0m0.973s\n\n(2) amdgpu module loaded\n\nbefore the patch:\n\n  real    0m35.365s\n  user    0m0.000s\n  sys     0m35.354s\n\nafter the patch:\n\n  real    0m1.049s\n  user    0m0.000s\n  sys     0m1.042s","modified":"2026-04-02T08:26:56.342115Z","published":"2024-06-20T11:13:19.407Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48731.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/352715593e81b917ce1b321e794549815b850134"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a5389c80992f0001ee505838fe6a8b20897ce96e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c10a0f877fe007021d70f9cada240f42adc2b5db"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cebb0aceb21ad91429617a40e3a17444fabf1529"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d3533ee20e9a0e2e8f60384da7450d43d1c63d1a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48731.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48731"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4ef589dc9b10cdcae75a2b2b0e9b2c5e8a92c378"},{"fixed":"d3533ee20e9a0e2e8f60384da7450d43d1c63d1a"},{"fixed":"352715593e81b917ce1b321e794549815b850134"},{"fixed":"a5389c80992f0001ee505838fe6a8b20897ce96e"},{"fixed":"cebb0aceb21ad91429617a40e3a17444fabf1529"},{"fixed":"c10a0f877fe007021d70f9cada240f42adc2b5db"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48731.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}