cve/published/2024/CVE-2024-41021.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-41021: s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()

 There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on
 s390. Therefore we do not expect to see VM_FAULT_HWPOISON in
 do_exception().

 However, since commit af19487f00f3 ("mm: make PTE_MARKER_SWAPIN_ERROR more
 general"), it is possible to see VM_FAULT_HWPOISON in combination with
 PTE_MARKER_POISONED, even on architectures that do not support HWPOISON
 otherwise. In this case, we will end up on the BUG() in do_exception().

 Fix this by treating VM_FAULT_HWPOISON the same as VM_FAULT_SIGBUS, similar
 to x86 when MEMORY_FAILURE is not configured. Also print unexpected fault
 flags, for easier debugging.

 Note that VM_FAULT_HWPOISON_LARGE is not expected, because s390 cannot
 support swap entries on other levels than PTE level.

 The Linux kernel CVE team has assigned CVE-2024-41021 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.6.44 with commit 73a9260b7366d2906ec011e100319359fe2277d0
 	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.9.12 with commit 9e13767ccefdc4f8aa92514b592b60f6b54882ff
 	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.10.2 with commit a3aefb871222a9880602d1a44a558177b4143e3b
 	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.11 with commit df39038cd89525d465c2c8827eb64116873f141a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-41021
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	arch/s390/mm/fault.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/73a9260b7366d2906ec011e100319359fe2277d0
 	https://git.kernel.org/stable/c/9e13767ccefdc4f8aa92514b592b60f6b54882ff
 	https://git.kernel.org/stable/c/a3aefb871222a9880602d1a44a558177b4143e3b
 	https://git.kernel.org/stable/c/df39038cd89525d465c2c8827eb64116873f141a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-41021: s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()

	There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on
	s390. Therefore we do not expect to see VM_FAULT_HWPOISON in
	do_exception().

	However, since commit af19487f00f3 ("mm: make PTE_MARKER_SWAPIN_ERROR more
	general"), it is possible to see VM_FAULT_HWPOISON in combination with
	PTE_MARKER_POISONED, even on architectures that do not support HWPOISON
	otherwise. In this case, we will end up on the BUG() in do_exception().

	Fix this by treating VM_FAULT_HWPOISON the same as VM_FAULT_SIGBUS, similar
	to x86 when MEMORY_FAILURE is not configured. Also print unexpected fault
	flags, for easier debugging.

	Note that VM_FAULT_HWPOISON_LARGE is not expected, because s390 cannot
	support swap entries on other levels than PTE level.

	The Linux kernel CVE team has assigned CVE-2024-41021 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.6.44 with commit 73a9260b7366d2906ec011e100319359fe2277d0
	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.9.12 with commit 9e13767ccefdc4f8aa92514b592b60f6b54882ff
	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.10.2 with commit a3aefb871222a9880602d1a44a558177b4143e3b
	Issue introduced in 6.6 with commit af19487f00f34ff8643921d7909dbb3fedc7e329 and fixed in 6.11 with commit df39038cd89525d465c2c8827eb64116873f141a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-41021
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	arch/s390/mm/fault.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/73a9260b7366d2906ec011e100319359fe2277d0
	https://git.kernel.org/stable/c/9e13767ccefdc4f8aa92514b592b60f6b54882ff
	https://git.kernel.org/stable/c/a3aefb871222a9880602d1a44a558177b4143e3b
	https://git.kernel.org/stable/c/df39038cd89525d465c2c8827eb64116873f141a