CVE-2024-26947

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses<br /> <br /> Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account<br /> freed memory map alignment") changes the semantics of pfn_valid() to check<br /> presence of the memory map for a PFN. A valid page for an address which<br /> is reserved but not mapped by the kernel[1], the system crashed during<br /> some uio test with the following memory layout:<br /> <br /> node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff]<br /> node 0: [mem 0x00000000d0000000-0x00000000da1fffff]<br /> the uio layout is：0xc0900000, 0x100000<br /> <br /> the crash backtrace like:<br /> <br /> Unable to handle kernel paging request at virtual address bff00000<br /> [...]<br /> CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1<br /> Hardware name: Generic DT based system<br /> PC is at b15_flush_kern_dcache_area+0x24/0x3c<br /> LR is at __sync_icache_dcache+0x6c/0x98<br /> [...]<br /> (b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98)<br /> (__sync_icache_dcache) from (set_pte_at+0x28/0x54)<br /> (set_pte_at) from (remap_pfn_range+0x1a0/0x274)<br /> (remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio])<br /> (uio_mmap [uio]) from (__mmap_region+0x264/0x5f4)<br /> (__mmap_region) from (__do_mmap_mm+0x3ec/0x440)<br /> (__do_mmap_mm) from (do_mmap+0x50/0x58)<br /> (do_mmap) from (vm_mmap_pgoff+0xfc/0x188)<br /> (vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4)<br /> (ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c)<br /> Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e)<br /> ---[ end trace 09cf0734c3805d52 ]---<br /> Kernel panic - not syncing: Fatal exception<br /> <br /> So check if PG_reserved was set to solve this issue.<br /> <br /> [1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/