CVE-2024-56617

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 27/12/2024
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU

Commit

5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU")

adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit

6539cffa9495 ("cacheinfo: Add arch specific early level initializer")

lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed.

If the early build functionality is not used and cacheinfo does not need correction, memory for cacheinfo is never allocated. x86 does not use the early build functionality. Consequently, during the cacheinfo CPU hotplug callback, last_level_cache_is_valid() attempts to dereference a NULL pointer:

    BUG: kernel NULL pointer dereference, address: 0000000000000100
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not present page
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEPMT SMP NOPTI
    CPU: 0 PID 19 Comm: cpuhp/0 Not tainted 6.4.0-rc2 #1
    RIP: 0010: last_level_cache_is_valid+0x95/0xe0a

Allocate memory for cacheinfo during the cacheinfo CPU hotplug callback if not done earlier.

Moreover, before determining the validity of the last-level cache info, ensure that it has been allocated. Simply checking for non-zero cache_leaves() is not sufficient, as some architectures (e.g., Intel processors) have non-zero cache_leaves() before allocation.

Dereferencing NULL cacheinfo can occur in update_per_cpu_data_slice_size(). This function iterates over all online CPUs. However, a CPU may have come online recently, but its cacheinfo may not have been allocated yet.

While here, remove an unnecessary indentation in allocate_cache_info().

[ bp: Massage. ]
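The condition described above, as a simplified user-space C model added here for illustration (it is not the kernel's code or the upstream patch): a CPU whose leaf count is already non-zero but whose cacheinfo array has not been allocated. Only the names `cache_leaves` and `last_level_cache_is_valid` come from the description; the struct layout, `ci_cpu`, `leaves_only_check`, `hotplug_online` and `usable_cpus` are assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>

#define NR_CPUS 4

/* Simplified stand-ins for the per-CPU cacheinfo state (assumed layout). */
struct cacheinfo { bool has_id; };
struct cpu_cacheinfo {
    struct cacheinfo *info_list; /* NULL until allocated */
    unsigned int num_leaves;     /* can be non-zero before allocation */
};
static struct cpu_cacheinfo ci_cpu[NR_CPUS];

static unsigned int cache_leaves(unsigned int cpu) { return ci_cpu[cpu].num_leaves; }

/* Insufficient guard: a non-zero leaf count says nothing about info_list. */
static bool leaves_only_check(unsigned int cpu) { return cache_leaves(cpu) != 0; }

/* Hardened check: require the allocation before touching the last leaf. */
static bool last_level_cache_is_valid(unsigned int cpu)
{
    if (!cache_leaves(cpu) || !ci_cpu[cpu].info_list)
        return false;
    return ci_cpu[cpu].info_list[cache_leaves(cpu) - 1].has_id;
}

/* Hypothetical hotplug callback: allocate here if no earlier path did. */
static int hotplug_online(unsigned int cpu)
{
    struct cpu_cacheinfo *ci = &ci_cpu[cpu];
    if (!ci->info_list && ci->num_leaves)
        ci->info_list = calloc(ci->num_leaves, sizeof(*ci->info_list));
    if (!ci->info_list)
        return -1; /* no leaves known, or allocation failed */
    ci->info_list[ci->num_leaves - 1].has_id = true; /* populate the LLC entry */
    return 0;
}

/* Walks every CPU, as a slice-size update would; unallocated CPUs are skipped. */
static unsigned int usable_cpus(void)
{
    unsigned int cpu, n = 0;
    for (cpu = 0; cpu < NR_CPUS; cpu++)
        n += last_level_cache_is_valid(cpu);
    return n;
}

int main(void)
{
    ci_cpu[1].num_leaves = 4; /* constructed state: leaves known, nothing allocated */
    return (leaves_only_check(1) && usable_cpus() == 0 &&
            hotplug_online(1) == 0 && usable_cpus() == 1) ? 0 : 1;
}
```

With only the leaf-count guard, the lookup in `last_level_cache_is_valid` would index through a NULL `info_list`, which is the CWE-476 condition this entry records.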

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4 (including) 6.6.66 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*