CVE-2024-42293

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arm64: mm: Fix lockless walks with static and dynamic page-table folding<br /> <br /> Lina reports random oopsen originating from the fast GUP code when<br /> 16K pages are used with 4-level page-tables, the fourth level being<br /> folded at runtime due to lack of LPA2.<br /> <br /> In this configuration, the generic implementation of<br /> p4d_offset_lockless() will return a &amp;#39;p4d_t *&amp;#39; corresponding to the<br /> &amp;#39;pgd_t&amp;#39; allocated on the stack of the caller, gup_fast_pgd_range().<br /> This is normally fine, but when the fourth level of page-table is folded<br /> at runtime, pud_offset_lockless() will offset from the address of the<br /> &amp;#39;p4d_t&amp;#39; to calculate the address of the PUD in the same page-table page.<br /> This results in a stray stack read when the &amp;#39;p4d_t&amp;#39; has been allocated<br /> on the stack and can send the walker into the weeds.<br /> <br /> Fix the problem by providing our own definition of p4d_offset_lockless()<br /> when CONFIG_PGTABLE_LEVELS