CVE-2025-71109
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/01/2026
Last modified:
14/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits

Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of
dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used,
and this macro can generate more than 2 instructions. At the same
time, the code in ftrace assumes that no more than 2 instructions can
be generated, which is why it stores them in an int[2] array. However,
as previously noted, the macro UASM_i_LA_mostly (and now UASM_i_LA)
causes a buffer overflow when _mcount is beyond 32 bits. This leads to
corruption of the variables located in the __read_mostly section.

This corruption was observed because the variable
__cpu_primary_thread_mask was corrupted, causing a hang very early
during boot.

This fix prevents the corruption by avoiding the generation of
instructions if they could exceed 2 instructions in
length. Fortunately, insn_la_mcount is only used if the instrumented
code is located outside the kernel code section, so dynamic ftrace can
still be used, albeit in a more limited scope. This is still
preferable to corrupting memory and/or crashing the kernel.
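
The overflow pattern and the guard described above, as an added C model that is not the kernel's code or the upstream patch. It assumes a load-address sequence takes 2 instructions when the address is a sign-extended 32-bit value and a constructed 6 otherwise, and it writes placeholder words rather than real MIPS encodings; the names la_insn_count, words_overflowed, emit_la_checked and read_mostly_model and the sample address are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define LA_SLOTS 2      /* size of the int[2] buffer the page describes */
#define LA_LONG_INSNS 6 /* constructed length for a full 64-bit address (assumption) */

/* Models the layout on the page: the buffer sits next to other data. */
struct read_mostly_model {
    uint32_t insn_la[LA_SLOTS];
    uint32_t neighbour; /* stands in for an adjacent __read_mostly variable */
};

/* True when addr is a sign-extended 32-bit value (bits 63..31 all equal). */
static int fits_sext32(uint64_t addr)
{
    return (addr >> 31) == 0 || (addr >> 31) == 0x1FFFFFFFFull;
}

/* Model assumption: 2 instructions for a 32-bit address, more beyond that. */
static size_t la_insn_count(uint64_t addr)
{
    return fits_sext32(addr) ? 2 : LA_LONG_INSNS;
}

/* Words an unchecked emitter would write past the end of the buffer. */
static size_t words_overflowed(uint64_t addr)
{
    size_t n = la_insn_count(addr);
    return n > LA_SLOTS ? n - LA_SLOTS : 0;
}

/* Guarded emitter: writes placeholder words, or refuses with -1 if the
 * sequence would not fit, which is the behaviour the fix describes. */
static int emit_la_checked(uint32_t *buf, size_t slots, uint64_t addr)
{
    size_t n = la_insn_count(addr);
    if (n > slots)
        return -1;
    for (size_t i = 0; i < n; i++)
        buf[i] = 0x1000u + (uint32_t)i; /* placeholder, not a MIPS opcode */
    return (int)n;
}

int main(void)
{
    struct read_mostly_model m = { {0, 0}, 0xC0FFEEu };
    uint64_t far_addr = 0xa800000000200000ull; /* constructed sample address */
    printf("would spill %zu words, guarded rc=%d, neighbour=%#x\n", words_overflowed(far_addr),
           emit_la_checked(m.insn_la, LA_SLOTS, far_addr), (unsigned)m.neighbour);
    return 0;
}
```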



