CVE-2024-42241

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 07/08/2024
Last modified: 08/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/shmem: disable PMD-sized page cache if needed

For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page cache on ARM64 when the base page size is 64KB can't be supported by xarray. It leads to errors as the following messages indicate when this sort of xarray entry is split.

    WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128
    Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \
    nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \
    nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \
    ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \
    libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \
    net_failover virtio_console virtio_blk failover dimlib virtio_mmio
    CPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9
    Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024
    pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
    pc : xas_split_alloc+0xf8/0x128
    lr : split_huge_page_to_list_to_order+0x1c4/0x720
    sp : ffff8000882af5f0
    x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768
    x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858
    x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000
    x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000
    x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000
    x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020
    x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681c
    x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0
    x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0
    x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000
    Call trace:
    xas_split_alloc+0xf8/0x128
    split_huge_page_to_list_to_order+0x1c4/0x720
    truncate_inode_partial_folio+0xdc/0x160
    shmem_undo_range+0x2bc/0x6a8
    shmem_fallocate+0x134/0x430
    vfs_fallocate+0x124/0x2e8
    ksys_fallocate+0x4c/0xa0
    __arm64_sys_fallocate+0x24/0x38
    invoke_syscall.constprop.0+0x7c/0xd8
    do_el0_svc+0xb4/0xd0
    el0_svc+0x44/0x1d8
    el0t_64_sync_handler+0x134/0x150
    el0t_64_sync+0x17c/0x180

Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is larger than MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed out, the page cache in a shmem file isn't represented by a multi-index entry and doesn't have this limitation when the xarray entry is split until commit 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache").

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.17 (including) | 6.6.41 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.10 (excluding) |
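
A triage helper for the condition in the description and the version ranges listed above, as an added example that is not part of the advisory or the kernel patch. It assumes 8-byte page-table entries with one page per table level (arm64, x86-64) and an xarray split limit of order 11 taken from upstream xarray code rather than from this page; the function names are hypothetical.

```python
import os
import re

# Upstream ranges from the CPE table on this page: from (inclusive), up to (exclusive).
AFFECTED = [((5, 17, 0), (6, 6, 41)), ((6, 7, 0), (6, 9, 10))]

# Assumption (upstream xarray code, not stated on this page): a multi-index
# entry can be split only up to order 2 * XA_CHUNK_SHIFT - 1 = 11.
MAX_XAS_ORDER = 11


def pmd_order(page_size: int) -> int:
    """HPAGE_PMD_ORDER = PMD_SHIFT - PAGE_SHIFT. With 8-byte entries and one
    page per table level, a level resolves PAGE_SHIFT - 3 bits."""
    page_shift = page_size.bit_length() - 1
    return page_shift - 3


def parse_release(release: str) -> tuple:
    """'6.6.40-1.el9.aarch64' -> (6, 6, 40); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def in_affected_range(release: str) -> bool:
    v = parse_release(release)
    return any(lo <= v < hi for lo, hi in AFFECTED)


def triage(release: str, page_size: int) -> str:
    order = pmd_order(page_size)
    if order <= MAX_XAS_ORDER:
        return f"condition not met: PMD order {order} <= {MAX_XAS_ORDER}"
    if in_affected_range(release):
        return f"condition met: PMD order {order} > {MAX_XAS_ORDER}, release in listed range"
    # Vendor kernels backport fixes, so the version string alone is not decisive.
    return f"verify fix: PMD order {order} > {MAX_XAS_ORDER}, release outside listed range"


if __name__ == "__main__":
    # Evaluate the running host.
    print(triage(os.uname().release, os.sysconf("SC_PAGE_SIZE")))
```

The version comparison covers upstream releases only; for a distribution kernel, confirm against the vendor's changelog whether the fix is present.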