CVE-2024-35909

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: wwan: t7xx: Split 64bit accesses to fix alignment issues<br /> <br /> Some of the registers are aligned on a 32bit boundary, causing<br /> alignment faults on 64bit platforms.<br /> <br /> Unable to handle kernel paging request at virtual address ffffffc084a1d004<br /> Mem abort info:<br /> ESR = 0x0000000096000061<br /> EC = 0x25: DABT (current EL), IL = 32 bits<br /> SET = 0, FnV = 0<br /> EA = 0, S1PTW = 0<br /> FSC = 0x21: alignment fault<br /> Data abort info:<br /> ISV = 0, ISS = 0x00000061, ISS2 = 0x00000000<br /> CM = 0, WnR = 1, TnD = 0, TagAccess = 0<br /> GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0<br /> swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ad6000<br /> [ffffffc084a1d004] pgd=100000013ffff003, p4d=100000013ffff003, pud=100000013ffff003, pmd=0068000020a00711<br /> Internal error: Oops: 0000000096000061 [#1] SMP<br /> Modules linked in: mtk_t7xx(+) qcserial pppoe ppp_async option nft_fib_inet nf_flow_table_inet mt7921u(O) mt7921s(O) mt7921e(O) mt7921_common(O) iwlmvm(O) iwldvm(O) usb_wwan rndis_host qmi_wwan pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack mt7996e(O) mt792x_usb(O) mt792x_lib(O) mt7915e(O) mt76_usb(O) mt76_sdio(O) mt76_connac_lib(O) mt76(O) mac80211(O) iwlwifi(O) huawei_cdc_ncm cfg80211(O) cdc_ncm cdc_ether wwan usbserial usbnet slhc sfp rtc_pcf8563 nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 mt6577_auxadc mdio_i2c libcrc32c compat(O) cdc_wdm cdc_acm at24 crypto_safexcel pwm_fan i2c_gpio i2c_smbus industrialio i2c_algo_bit i2c_mux_reg i2c_mux_pca954x i2c_mux_pca9541 i2c_mux_gpio i2c_mux dummy oid_registry tun sha512_arm64 sha1_ce sha1_generic seqiv<br /> md5 geniv des_generic libdes cbc authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd xhci_hcd nvme nvme_core gpio_button_hotplug(O) dm_mirror dm_region_hash dm_log dm_crypt dm_mod dax usbcore usb_common ptp aquantia pps_core mii tpm encrypted_keys trusted<br /> CPU: 3 PID: 5266 Comm: kworker/u9:1 Tainted: G O 6.6.22 #0<br /> Hardware name: Bananapi BPI-R4 (DT)<br /> Workqueue: md_hk_wq t7xx_fsm_uninit [mtk_t7xx]<br /> pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]<br /> lr : t7xx_cldma_start+0xac/0x13c [mtk_t7xx]<br /> sp : ffffffc085d63d30<br /> x29: ffffffc085d63d30 x28: 0000000000000000 x27: 0000000000000000<br /> x26: 0000000000000000 x25: ffffff80c804f2c0 x24: ffffff80ca196c05<br /> x23: 0000000000000000 x22: ffffff80c814b9b8 x21: ffffff80c814b128<br /> x20: 0000000000000001 x19: ffffff80c814b080 x18: 0000000000000014<br /> x17: 0000000055c9806b x16: 000000007c5296d0 x15: 000000000f6bca68<br /> x14: 00000000dbdbdce4 x13: 000000001aeaf72a x12: 0000000000000001<br /> x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000<br /> x8 : ffffff80ca1ef6b4 x7 : ffffff80c814b818 x6 : 0000000000000018<br /> x5 : 0000000000000870 x4 : 0000000000000000 x3 : 0000000000000000<br /> x2 : 000000010a947000 x1 : ffffffc084a1d004 x0 : ffffffc084a1d004<br /> Call trace:<br /> t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]<br /> t7xx_fsm_uninit+0x578/0x5ec [mtk_t7xx]<br /> process_one_work+0x154/0x2a0<br /> worker_thread+0x2ac/0x488<br /> kthread+0xe0/0xec<br /> ret_from_fork+0x10/0x20<br /> Code: f9400800 91001000 8b214001 d50332bf (f9000022)<br /> ---[ end trace 0000000000000000 ]---<br /> <br /> The inclusion of io-64-nonatomic-lo-hi.h indicates that all 64bit<br /> accesses can be replaced by pairs of nonatomic 32bit access. Fix<br /> alignment by forcing all accesses to be 32bit on 64bit platforms.