CVE-2024-57917

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/01/2025
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

topology: Keep the cpumask unchanged when printing cpumap

During fuzz testing, the following warning was discovered:

different return values (15 and 11) from vsnprintf("%*pbl
", ...)

test:keyward is WARNING in kvasprintf
WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130
Call Trace:
kvasprintf+0x121/0x130
kasprintf+0xa6/0xe0
bitmap_print_to_buf+0x89/0x100
core_siblings_list_read+0x7e/0xb0
kernfs_file_read_iter+0x15b/0x270
new_sync_read+0x153/0x260
vfs_read+0x215/0x290
ksys_read+0xb9/0x160
do_syscall_64+0x56/0x100
entry_SYSCALL_64_after_hwframe+0x78/0xe2

The call trace shows that kvasprintf() reported this warning during the printing of core_siblings_list. kvasprintf() has several steps:

(1) First, calculate the length of the resulting formatted string.

(2) Allocate a buffer based on the returned length.

(3) Then, perform the actual string formatting.

(4) Check whether the lengths of the formatted strings returned in steps (1) and (2) are consistent.

If the core_cpumask is modified between steps (1) and (3), the lengths obtained in these two steps may not match. Indeed our test includes cpu hotplugging, which should modify core_cpumask while printing.

To fix this issue, cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged during the printing process.
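The measure-then-format race described above, as an added user-space illustration (not kernel code and not part of the advisory): the same two-pass print is run once against the live mask and once against a cached copy. The names live_mask, fmt_list and print_siblings are hypothetical, and the hotplug event is simulated inline between the two passes so the outcome is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>

static unsigned long live_mask; /* constructed stand-in for core_cpumask */

/* Range-list formatter like "%*pbl"; returns the needed length, as snprintf() does. */
static int fmt_list(char *buf, size_t size, const unsigned long *mask)
{
    int len = 0, nbits = (int)(8 * sizeof(*mask));
    if (size) buf[0] = '\0';
    for (int i = 0; i < nbits; i++) {
        if (!((*mask >> i) & 1))
            continue;
        int start = i;
        while (i + 1 < nbits && ((*mask >> (i + 1)) & 1))
            i++;
        size_t off = (size_t)len < size ? (size_t)len : size;
        char *p = size ? buf + off : NULL;
        const char *sep = len ? "," : "";
        len += start == i ? snprintf(p, size - off, "%s%d", sep, start)
                          : snprintf(p, size - off, "%s%d-%d", sep, start, i);
    }
    return len;
}

/* Steps (1)-(4) from the description. cached=0 reads the live mask in both
 * passes; cached=1 reads a temporary copy. Returns 1 when the lengths differ. */
static int print_siblings(int cached, char **out)
{
    unsigned long tmp = live_mask;
    const unsigned long *mask = cached ? &tmp : &live_mask;
    int first = fmt_list(NULL, 0, mask);               /* (1) measure  */
    char *p = malloc((size_t)first + 1);               /* (2) allocate */
    if (!p) return -1;
    live_mask &= ~(1UL << 2);  /* constructed hotplug: CPU 2 goes offline */
    int second = fmt_list(p, (size_t)first + 1, mask); /* (3) format   */
    *out = p;
    return first != second;                            /* (4) compare  */
}

int main(void)
{
    for (int cached = 0; cached <= 1; cached++) {
        char *s = NULL;
        live_mask = 0xF;                               /* CPUs 0-3 online */
        printf("cached=%d mismatch=%d\n", cached, print_siblings(cached, &s));
        free(s);
    }
}
```

With the live mask, pass (1) measures "0-3" (3 bytes) while pass (3) needs "0-1,3" (5 bytes); with the cached copy both passes see "0-3" even though the live mask changed in between.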

Vulnerable products and versions

CPE                                                From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.15 (including)  5.15.177 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.16 (including)  6.1.125 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.2 (including)   6.6.72 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.7 (including)   6.12.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*