cve/published/2024/CVE-2024-26761.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26761: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

 The Linux CXL subsystem is built on the assumption that HPA == SPA.
 That is, the host physical address (HPA) the HDM decoder registers are
 programmed with are system physical addresses (SPA).

 During HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,
 8.1.3.8) are checked if the memory is enabled and the CXL range is in
 a HPA window that is described in a CFMWS structure of the CXL host
 bridge (cxl-3.1, 9.18.1.3).

 Now, if the HPA is not an SPA, the CXL range does not match a CFMWS
 window and the CXL memory range will be disabled then. The HDM decoder
 stops working which causes system memory being disabled and further a
 system hang during HDM decoder initialization, typically when a CXL
 enabled kernel boots.

 Prevent a system hang and do not disable the HDM decoder if the
 decoder's CXL range is not found in a CFMWS window.

 Note the change only fixes a hardware hang, but does not implement
 HPA/SPA translation. Support for this can be added in a follow on
 patch series.

 The Linux kernel CVE team has assigned CVE-2024-26761 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.1.80 with commit 031217128990d7f0ab8c46db1afb3cf1e075fd29
 	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.6.19 with commit 2cc1a530ab31c65b52daf3cb5d0883c8b614ea69
 	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.7.7 with commit 3a3181a71935774bda2398451256d7441426420b
 	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.8 with commit 0cab687205986491302cd2e440ef1d253031c221

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26761
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/cxl/core/pci.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29
 	https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69
 	https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b
 	https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26761: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

	The Linux CXL subsystem is built on the assumption that HPA == SPA.
	That is, the host physical address (HPA) the HDM decoder registers are
	programmed with are system physical addresses (SPA).

	During HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,
	8.1.3.8) are checked if the memory is enabled and the CXL range is in
	a HPA window that is described in a CFMWS structure of the CXL host
	bridge (cxl-3.1, 9.18.1.3).

	Now, if the HPA is not an SPA, the CXL range does not match a CFMWS
	window and the CXL memory range will be disabled then. The HDM decoder
	stops working which causes system memory being disabled and further a
	system hang during HDM decoder initialization, typically when a CXL
	enabled kernel boots.

	Prevent a system hang and do not disable the HDM decoder if the
	decoder's CXL range is not found in a CFMWS window.

	Note the change only fixes a hardware hang, but does not implement
	HPA/SPA translation. Support for this can be added in a follow on
	patch series.

	The Linux kernel CVE team has assigned CVE-2024-26761 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.1.80 with commit 031217128990d7f0ab8c46db1afb3cf1e075fd29
	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.6.19 with commit 2cc1a530ab31c65b52daf3cb5d0883c8b614ea69
	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.7.7 with commit 3a3181a71935774bda2398451256d7441426420b
	Issue introduced in 5.19 with commit 34e37b4c432cd0f1842b352fde4b8878b4166888 and fixed in 6.8 with commit 0cab687205986491302cd2e440ef1d253031c221

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26761
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/cxl/core/pci.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29
	https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69
	https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b
	https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221