CVE-2021-46910

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/02/2024
Last modified:
17/04/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled

The debugging code for kmap_local() doubles the number of per-CPU fixmap slots allocated for kmap_local(), in order to use half of them as guard regions. This causes the fixmap region to grow downwards beyond the start of its reserved window if the supported number of CPUs is large, and collide with the newly added virtual DT mapping right below it, which is obviously not good.

One manifestation of this is EFI boot on a kernel built with NR_CPUS=32 and CONFIG_DEBUG_KMAP_LOCAL=y, which may pass the FDT in highmem, resulting in block entries below the fixmap region that the fixmap code misidentifies as fixmap table entries, and subsequently tries to dereference using a phys-to-virt translation that is only valid for lowmem. This results in a cryptic splat such as the one below.

ftrace: allocating 45548 entries in 89 pages
8

Vulnerable products and versions

CPE:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
From:
5.11.0 (including)
Up to:
5.11.16 (excluding)
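
A way to triage a kernel build against this record, combining the version range above with the build options named in the description. This is an added example, not code from the kernel project or from this advisory. The function names, the sample `.config` fragment, and the "review" status for CPU counts below the NR_CPUS=32 case are choices made for the example, and `CONFIG_ARM=y` is assumed to identify a 32-bit ARM build.

```python
import re

# Affected range as listed in this record: 5.11.0 (including) up to 5.11.16 (excluding).
AFFECTED_FROM, AFFECTED_BEFORE = (5, 11, 0), (5, 11, 16)

def parse_version(release):
    """Turn a release string such as '5.11.12-armmp' into (5, 11, 12)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def parse_config(text):
    """Parse kernel .config text into a dict; '# CONFIG_X is not set' maps to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"# (CONFIG_\w+) is not set$", line)
        if m:
            opts[m.group(1)] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value.strip('"')
    return opts

def assess(release, config_text):
    """Return (status, reason) for one kernel build."""
    opts = parse_config(config_text)
    if not AFFECTED_FROM <= parse_version(release) < AFFECTED_BEFORE:
        return "not-affected", "kernel version outside the listed range"
    if opts.get("CONFIG_ARM") != "y":
        return "not-affected", "not a 32-bit ARM build"
    if opts.get("CONFIG_DEBUG_KMAP_LOCAL") != "y":
        return "not-affected", "kmap_local() debugging is off, slots are not doubled"
    nr_cpus = int(opts.get("CONFIG_NR_CPUS", "1"))  # option is absent on non-SMP builds
    if nr_cpus >= 32:
        return "affected", "matches the NR_CPUS=32 case in the description"
    # The record gives no exact CPU-count threshold, so smaller values are flagged for review.
    return "review", f"debug guard slots enabled with NR_CPUS={nr_cpus}"

# Constructed sample .config fragment, not taken from a real system.
SAMPLE = """\
CONFIG_ARM=y
CONFIG_NR_CPUS=32
CONFIG_HIGHMEM=y
CONFIG_DEBUG_KMAP_LOCAL=y
# CONFIG_DEBUG_HIGHMEM is not set
"""

if __name__ == "__main__":
    print(assess("5.11.12-armmp", SAMPLE))
```

Distribution kernels may carry the fix under a version number inside the listed range, so a result of "affected" is a prompt to check the vendor changelog rather than a final verdict.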