{"id":"CVE-2024-57884","summary":"mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false.  \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n        NODE: 4  ZONE: 0  ADDR: ffff00817fffe540  NAME: \"DMA32\"\n          SIZE: 20480  MIN/LOW/HIGH: 11/28/45\n          VM_STAT:\n                NR_FREE_PAGES: 359\n        NR_ZONE_INACTIVE_ANON: 18813\n          NR_ZONE_ACTIVE_ANON: 0\n        NR_ZONE_INACTIVE_FILE: 50\n          NR_ZONE_ACTIVE_FILE: 0\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\n        NODE: 4  ZONE: 1  ADDR: ffff00817fffec00  NAME: \"Normal\"\n          SIZE: 8454144  PRESENT: 98304  MIN/LOW/HIGH: 68/166/264\n          VM_STAT:\n                NR_FREE_PAGES: 146\n        NR_ZONE_INACTIVE_ANON: 94668\n          NR_ZONE_ACTIVE_ANON: 3\n        NR_ZONE_INACTIVE_FILE: 735\n          NR_ZONE_ACTIVE_FILE: 78\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero.  \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n        crash\u003e p nr_swap_pages\n        nr_swap_pages = $1937 = {\n          counter = 0\n        }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat-\u003ekswapd_failures hasn't been incremented.\n\n        crash\u003e px ((struct pglist_data *) 0xffff00817fffe540)-\u003ekswapd_failures\n        $1935 = 0x0\n\nThis is because the node deemed balanced.  The node balancing logic in\nbalance_pgdat() evaluates all zones collectively.  If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced.  This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages).  This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable.  By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL.  This issue arises from\nzone_reclaimable_pages\n---truncated---","modified":"2026-04-02T12:25:20.796889Z","published":"2025-01-15T13:05:37.152Z","related":["MGASA-2025-0030","MGASA-2025-0032","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0564-1","SUSE-SU-2025:0565-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57884.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284"},{"type":"WEB","url":"https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57884.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57884"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3"},{"fixed":"66cd37660ec34ec444fe42f2277330ae4a36bb19"},{"fixed":"d675fefbaec3815b3ae0af1bebd97f27df3a05c8"},{"fixed":"63eac98d6f0898229f515cb62fe4e4db2430e99c"},{"fixed":"bfb701192129803191c9cd6cdd1f82cd07f8de2c"},{"fixed":"1ff2302e8aeac7f2eedb551d7a89617283b5c6b2"},{"fixed":"58d0d02dbc67438fc80223fdd7bbc49cf0733284"},{"fixed":"6aaced5abd32e2a57cd94fd64f824514d0361da8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57884.json"}}],"schema_version":"1.7.5"}