cve/published/2021/CVE-2021-47632.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/set_memory: Avoid spinlock recursion in change_page_attr()\n\nCommit 1f9ad21c3b38 (\"powerpc/mm: Implement set_memory() routines\")\nincluded a spin_lock() to change_page_attr() in order to\nsafely perform the three step operations. But then\ncommit 9f7853d7609d (\"powerpc/mm: Fix set_memory_*() against\nconcurrent accesses\") modify it to use pte_update() and do\nthe operation safely against concurrent access.\n\nIn the meantime, Maxime reported some spinlock recursion.\n\n[   15.351649] BUG: spinlock recursion on CPU#0, kworker/0:2/217\n[   15.357540]  lock: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0\n[   15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 Not tainted 5.15.0+ #523\n[   15.373350] Workqueue: events do_free_init\n[   15.377615] Call Trace:\n[   15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable)\n[   15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4\n[   15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310\n[   15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0\n[   15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8\n[   15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94\n[   15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310\n[   15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134\n[   15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8\n[   15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c\n[   15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8\n[   15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94\n[   15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8\n[   15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8\n[   15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210\n[   15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c\n\nRemove the read / modify / write sequence to make the operation atomic\nand remove the spin_lock() in change_page_attr().\n\nTo do the operation atomically, we can't use pte modification helpers\nanymore. Because all platforms have different combination of bits, it\nis not easy to use those bits directly. But all have the\n_PAGE_KERNEL_{RO/ROX/RW/RWX} set of flags. All we need it to compare\ntwo sets to know which bits are set or cleared.\n\nFor instance, by comparing _PAGE_KERNEL_ROX and _PAGE_KERNEL_RO you\nknow which bit gets cleared and which bit get set when changing exec\npermission."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/powerpc/mm/pageattr.c"
                ],
                "versions": [
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "6def4eaf0391f24be541633a954c0e4876858b1e",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "96917107e67846f1d959ed03be281048efad14c5",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "a4c182ecf33584b9b2d1aa9dad073014a504c01f",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "arch/powerpc/mm/pageattr.c"
                ],
                "versions": [
                   {
                      "version": "5.15.34",
                      "lessThanOrEqual": "5.15.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.16.20",
                      "lessThanOrEqual": "5.16.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.17.3",
                      "lessThanOrEqual": "5.17.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.18",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.15.34"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.16.20"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.17.3"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.18"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/6def4eaf0391f24be541633a954c0e4876858b1e"
             },
             {
                "url": "https://git.kernel.org/stable/c/96917107e67846f1d959ed03be281048efad14c5"
             },
             {
                "url": "https://git.kernel.org/stable/c/6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a"
             },
             {
                "url": "https://git.kernel.org/stable/c/a4c182ecf33584b9b2d1aa9dad073014a504c01f"
             }
          ],
          "title": "powerpc/set_memory: Avoid spinlock recursion in change_page_attr()",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2021-47632",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/set_memory: Avoid spinlock recursion in change_page_attr()\n\nCommit 1f9ad21c3b38 (\"powerpc/mm: Implement set_memory() routines\")\nincluded a spin_lock() to change_page_attr() in order to\nsafely perform the three step operations. But then\ncommit 9f7853d7609d (\"powerpc/mm: Fix set_memory_*() against\nconcurrent accesses\") modify it to use pte_update() and do\nthe operation safely against concurrent access.\n\nIn the meantime, Maxime reported some spinlock recursion.\n\n[ 15.351649] BUG: spinlock recursion on CPU#0, kworker/0:2/217\n[ 15.357540] lock: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0\n[ 15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 Not tainted 5.15.0+ #523\n[ 15.373350] Workqueue: events do_free_init\n[ 15.377615] Call Trace:\n[ 15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable)\n[ 15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4\n[ 15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310\n[ 15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0\n[ 15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8\n[ 15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94\n[ 15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310\n[ 15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134\n[ 15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8\n[ 15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c\n[ 15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8\n[ 15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94\n[ 15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8\n[ 15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8\n[ 15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210\n[ 15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c\n\nRemove the read / modify / write sequence to make the operation atomic\nand remove the spin_lock() in change_page_attr().\n\nTo do the operation atomically, we can't use pte modification helpers\nanymore. Because all platforms have different combination of bits, it\nis not easy to use those bits directly. But all have the\n_PAGE_KERNEL_{RO/ROX/RW/RWX} set of flags. All we need it to compare\ntwo sets to know which bits are set or cleared.\n\nFor instance, by comparing _PAGE_KERNEL_ROX and _PAGE_KERNEL_RO you\nknow which bit gets cleared and which bit get set when changing exec\npermission."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/powerpc/mm/pageattr.c"
	],
	"versions": [
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "6def4eaf0391f24be541633a954c0e4876858b1e",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "96917107e67846f1d959ed03be281048efad14c5",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "a4c182ecf33584b9b2d1aa9dad073014a504c01f",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"arch/powerpc/mm/pageattr.c"
	],
	"versions": [
	{
	"version": "5.15.34",
	"lessThanOrEqual": "5.15.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.16.20",
	"lessThanOrEqual": "5.16.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.17.3",
	"lessThanOrEqual": "5.17.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.18",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.15.34"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.16.20"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.17.3"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.18"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/6def4eaf0391f24be541633a954c0e4876858b1e"
	},
	{
	"url": "https://git.kernel.org/stable/c/96917107e67846f1d959ed03be281048efad14c5"
	},
	{
	"url": "https://git.kernel.org/stable/c/6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a"
	},
	{
	"url": "https://git.kernel.org/stable/c/a4c182ecf33584b9b2d1aa9dad073014a504c01f"
	}
	],
	"title": "powerpc/set_memory: Avoid spinlock recursion in change_page_attr()",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2021-47632",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}