THREATINT
PUBLISHED

CVE-2024-56677

powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()



Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()

During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE, since pageblock_order is still zero and it gets initialized later during initmem_init() e.g.

    setup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order()

One such use case where this causes issue is -

    early_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init()

This causes CMA memory alignment check to be bypassed in cma_init_reserved_mem(). Then later cma_activate_area() can hit a VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory area was not pageblock_order aligned.

Fix it by moving the fadump_cma_init() after initmem_init(), where other such cma reservations also gets called.

<stack trace>
==============

    page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010
    flags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff)
    CMA
    raw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000
    raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
    page dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))
    ------------[ cut here ]------------
    kernel BUG at mm/page_alloc.c:778!

    Call Trace:
    __free_one_page+0x57c/0x7b0 (unreliable)
    free_pcppages_bulk+0x1a8/0x2c8
    free_unref_page_commit+0x3d4/0x4e4
    free_unref_page+0x458/0x6d0
    init_cma_reserved_pageblock+0x114/0x198
    cma_init_reserved_areas+0x270/0x3e0
    do_one_initcall+0x80/0x2f8
    kernel_init_freeable+0x33c/0x530
    kernel_init+0x34/0x26c
    ret_from_kernel_user_thread+0x14/0x1c

Reserved 2024-12-27 | Published 2024-12-28 | Updated 2024-12-28 | Assigner Linux
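
The ordering problem in the description can be reproduced as a small user-space model. This is an added example, not kernel code and not part of the CVE record; the `model_*` function names are hypothetical, and the 64K page size, the final pageblock_order of 8 and the 1 GiB area size are assumptions chosen for illustration (only the pfn 0x10010 comes from the page dump above).

```c
/* User-space model of the early-init alignment check; not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 16            /* assumption: 64K pages */
#define FINAL_PAGEBLOCK_ORDER 8  /* assumption: value after set_pageblock_order() */

/* Models CMA_MIN_ALIGNMENT_BYTES: PAGE_SIZE scaled by the pageblock size. */
static uint64_t cma_min_alignment_bytes(unsigned int pageblock_order)
{
    return (UINT64_C(1) << PAGE_SHIFT) << pageblock_order;
}

/* Models the alignment check performed in cma_init_reserved_mem(). */
static int model_cma_init_reserved_mem(uint64_t base, uint64_t size,
                                       unsigned int pageblock_order)
{
    uint64_t align = cma_min_alignment_bytes(pageblock_order);

    if ((base | size) & (align - 1))
        return -EINVAL;
    return 0;
}

/* Models the condition inside VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)). */
static int model_bug_on_fires(uint64_t pfn, unsigned int order)
{
    return (pfn & ((UINT64_C(1) << order) - 1)) != 0;
}

int main(void)
{
    uint64_t pfn = 0x10010;             /* pfn from the page dump */
    uint64_t base = pfn << PAGE_SHIFT;
    uint64_t size = UINT64_C(1) << 30;  /* constructed: 1 GiB area */

    /* Before initmem_init(): pageblock_order is 0, so the check passes. */
    printf("early check: %d\n", model_cma_init_reserved_mem(base, size, 0));
    /* At activation pageblock_order is final and the BUG condition holds. */
    printf("bug fires:   %d\n", model_bug_on_fires(pfn, FINAL_PAGEBLOCK_ORDER));
    /* Same check evaluated after initmem_init(): the area is rejected. */
    printf("late check:  %d\n",
           model_cma_init_reserved_mem(base, size, FINAL_PAGEBLOCK_ORDER));
    return 0;
}
```

With pageblock_order at zero the required alignment collapses to one page, so a base that is only page-aligned is accepted; once the order is set, the same base fails both the alignment check and the pfn mask test.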

Product status

Default status: unaffected

11ac3e87ce09c27f4587a8c4fe0829d814021a82 before aabef6301dcf410dfd2b8759cd413b2a003c7e3f: affected
11ac3e87ce09c27f4587a8c4fe0829d814021a82 before c5c1d1ef70834013fc3bd12b6a0f4664c6d75a74: affected
11ac3e87ce09c27f4587a8c4fe0829d814021a82 before f551637fe9bf863386309e03f9d148d97f535ad1: affected
11ac3e87ce09c27f4587a8c4fe0829d814021a82 before 7351c5a6507b4401aeecadb5959131410a339520: affected
11ac3e87ce09c27f4587a8c4fe0829d814021a82 before 05b94cae1c47f94588c3e7096963c1007c4d9c1d: affected

Default status: affected

5.19: affected
Any version before 5.19: unaffected
6.1.120: unaffected
6.6.64: unaffected
6.11.11: unaffected
6.12.2: unaffected
6.13-rc1: unaffected

References

git.kernel.org/...c/aabef6301dcf410dfd2b8759cd413b2a003c7e3f

git.kernel.org/...c/c5c1d1ef70834013fc3bd12b6a0f4664c6d75a74

git.kernel.org/...c/f551637fe9bf863386309e03f9d148d97f535ad1

git.kernel.org/...c/7351c5a6507b4401aeecadb5959131410a339520

git.kernel.org/...c/05b94cae1c47f94588c3e7096963c1007c4d9c1d

cve.org (CVE-2024-56677)

nvd.nist.gov (CVE-2024-56677)
