CVE-2024-42243
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 07/08/2024
Last modified: 08/08/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray

Patch series "mm/filemap: Limit page cache size to that supported by
xarray", v2.

Currently, xarray can't support arbitrary page cache size. More details
can be found from the WARN_ON() statement in xas_split_alloc(). In our
test whose code is attached below, we hit the WARN_ON() on ARM64 system
where the base page size is 64KB and huge page size is 512MB. The issue
was reported long time ago and some discussions on it can be found here
[1].

[1] https://www.spinics.net/lists/linux-xfs/msg75404.html

In order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one
supported by xarray and avoid PMD-sized page cache if needed. The code
changes are suggested by David Hildenbrand.

PATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray
PATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path
PATCH[4] avoids PMD-sized page cache for shmem files if needed

Test program
============
```
# cat test.c
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include

#define TEST_XFS_FILENAME	"/tmp/data"
#define TEST_SHMEM_FILENAME	"/dev/shm/data"
#define TEST_MEM_SIZE		0x20000000

int main(int argc, char **argv)
{
	const char *filename;
	int fd = 0;
	void *buf = (void *)-1, *p;
	int pgsize = getpagesize();
	int ret;

	if (pgsize != 0x10000) {
		fprintf(stderr, "64KB base page size is required\n");
		return -EPERM;
	}

	system("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled");
	system("rm -fr /tmp/data");
	system("rm -fr /dev/shm/data");
	system("echo 1 > /proc/sys/vm/drop_caches");

	/* Open xfs or shmem file */
	filename = TEST_XFS_FILENAME;
	if (argc > 1 && !strcmp(argv[1], "shmem"))
		filename = TEST_SHMEM_FILENAME;

	fd = open(filename, O_CREAT | O_RDWR | O_TRUNC);
	if (fd 0)
		close(fd);

	return 0;
}

# gcc test.c -o test
# cat /proc/1/smaps | grep KernelPageSize | head -n 1
KernelPageSize: 64 kB
# ./test shmem
:
------------[ cut here ]------------
WARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128
Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \
nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \
nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \
ip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon \
drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \
virtio_net sha1_ce net_failover failover virtio_console virtio_blk \
dimlib virtio_mmio
CPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12
Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024
pstate: 83400005 (Nzcv daif +PAN -UAO +TC
```
---truncated---
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 6.6.41 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.10 (excluding) |
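As an added example (not part of the advisory or of the kernel patch series), the shell functions below compare a kernel release string against the two version ranges in the table above and flag the 64 KB base page size on which the description reproduced the WARN_ON(). The function names and result labels are made up for this example; a distribution kernel that backports the fix keeps an in-range version number, so `listed` means only that the release falls inside the table.

```shell
#!/bin/sh
# Added triage example; names and labels are hypothetical, not from the advisory.
# Version ranges are copied from the "Vulnerable products and versions" table.

# ver_num RELEASE: turn "6.6.40-1-generic" into the integer 6006040.
# A missing patch level counts as 0, so "5.18" becomes 5018000.
ver_num() {
    v=${1%%[!0-9.]*}            # drop any suffix after the dotted numbers
    old_ifs=$IFS; IFS=.
    set -- $v                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# in_range RELEASE LOW HIGH: succeed when LOW <= RELEASE < HIGH
# ("including" lower bound, "excluding" upper bound, as in the table).
in_range() {
    n=$(ver_num "$1")
    [ "$n" -ge "$(ver_num "$2")" ] && [ "$n" -lt "$(ver_num "$3")" ]
}

# triage RELEASE PAGESIZE_BYTES prints one of:
#   not-listed  release is outside both ranges in the table
#   listed      release is inside a range, base page size is not 64 KB
#   listed-64k  release is inside a range and base page size is 64 KB,
#               the configuration the description reproduced on
triage() {
    if in_range "$1" 5.18 6.6.41 || in_range "$1" 6.7 6.9.10; then
        if [ "${2:-0}" -eq 65536 ]; then
            echo listed-64k
        else
            echo listed
        fi
    else
        echo not-listed
    fi
}

# Check the running host.
triage "$(uname -r)" "$(getconf PAGESIZE 2>/dev/null || echo 0)"
```

Run it on the host being assessed, or call `triage` with a release string and page size taken from an asset inventory.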



