发布时间: 2024年9月3日
修改时间: 2024年9月14日
In the Linux kernel, the following vulnerability has been resolved:mm/shmem: disable PMD-sized page cache if neededFor shmem files, it s possible that PMD-sized page cache can t besupported by xarray. For example, 512MB page cache on ARM64 when the basepage size is 64KB can t be supported by xarray. It leads to errors as thefollowing messages indicate when this sort of xarray entry is split.WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net net_failover virtio_console virtio_blk failover dimlib virtio_mmioCPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)pc : xas_split_alloc+0xf8/0x128lr : split_huge_page_to_list_to_order+0x1c4/0x720sp : ffff8000882af5f0x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681cx8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is largerthan MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in ashmem file isn t represented by a multi-index entry and doesn t have thislimitation when the xarry entry is split until commit 6b24ca4a1a8d ( mm:Use multi-index entries in the page cache ).
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.5 | 5.5 |
| Attack Vector | Local | Local |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3596 | In the Linux kernel, the following vulnerability has been resolved:mm/shmem: disable PMD-sized page cache if neededFor shmem files, it s possible that PMD-sized page cache can t besupported by xarray. For example, 512MB page cache on ARM64 when the basepage size is 64KB can t be supported by xarray. It leads to errors as thefollowing messages indicate when this sort of xarray entry is split.WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net net_failover virtio_console virtio_blk failover dimlib virtio_mmioCPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)pc : xas_split_alloc+0xf8/0x128lr : split_huge_page_to_list_to_order+0x1c4/0x720sp : ffff8000882af5f0x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681cx8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is largerthan MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in ashmem file isn t represented by a multi-index entry and doesn t have thislimitation when the xarry entry is split until commit 6b24ca4a1a8d ( mm:Use multi-index entries in the page cache ). | 2024年9月3日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | kernel | Unaffected |
| KY3.5.2 | kernel | Unaffected |
| V6 | kernel | Fixed |
