cve/published/2024/CVE-2024-26787.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26787: mmc: mmci: stm32: fix DMA API overlapping mappings warning

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 mmc: mmci: stm32: fix DMA API overlapping mappings warning

 Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning:

 DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,
 overlapping mappings aren't supported
 WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568
 add_dma_entry+0x234/0x2f4
 Modules linked in:
 CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1
 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)
 Workqueue: events_freezable mmc_rescan
 Call trace:
 add_dma_entry+0x234/0x2f4
 debug_dma_map_sg+0x198/0x350
 __dma_map_sg_attrs+0xa0/0x110
 dma_map_sg_attrs+0x10/0x2c
 sdmmc_idma_prep_data+0x80/0xc0
 mmci_prep_data+0x38/0x84
 mmci_start_data+0x108/0x2dc
 mmci_request+0xe4/0x190
 __mmc_start_request+0x68/0x140
 mmc_start_request+0x94/0xc0
 mmc_wait_for_req+0x70/0x100
 mmc_send_tuning+0x108/0x1ac
 sdmmc_execute_tuning+0x14c/0x210
 mmc_execute_tuning+0x48/0xec
 mmc_sd_init_uhs_card.part.0+0x208/0x464
 mmc_sd_init_card+0x318/0x89c
 mmc_attach_sd+0xe4/0x180
 mmc_rescan+0x244/0x320

 DMA API debug brings to light leaking dma-mappings as dma_map_sg and
 dma_unmap_sg are not correctly balanced.

 If an error occurs in mmci_cmd_irq function, only mmci_dma_error
 function is called and as this API is not managed on stm32 variant,
 dma_unmap_sg is never called in this error path.

 The Linux kernel CVE team has assigned CVE-2024-26787 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 5.10.213 with commit 0224cbc53ba82b84affa7619b6d1b1a254bc2c53
 	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 5.15.152 with commit 5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c
 	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.1.81 with commit 70af82bb9c897faa25a44e4181f36c60312b71ef
 	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.6.21 with commit 176e66269f0de327375fc0ea51c12c2f5a97e4c4
 	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.7.9 with commit d610a307225951929b9dff807788439454476f85
 	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.8 with commit 6b1ba3f9040be5efc4396d86c9752cdc564730be

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26787
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/mmc/host/mmci_stm32_sdmmc.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53
 	https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c
 	https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef
 	https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4
 	https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85
 	https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26787: mmc: mmci: stm32: fix DMA API overlapping mappings warning

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	mmc: mmci: stm32: fix DMA API overlapping mappings warning

	Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning:

	DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,
	overlapping mappings aren't supported
	WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568
	add_dma_entry+0x234/0x2f4
	Modules linked in:
	CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1
	Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)
	Workqueue: events_freezable mmc_rescan
	Call trace:
	add_dma_entry+0x234/0x2f4
	debug_dma_map_sg+0x198/0x350
	__dma_map_sg_attrs+0xa0/0x110
	dma_map_sg_attrs+0x10/0x2c
	sdmmc_idma_prep_data+0x80/0xc0
	mmci_prep_data+0x38/0x84
	mmci_start_data+0x108/0x2dc
	mmci_request+0xe4/0x190
	__mmc_start_request+0x68/0x140
	mmc_start_request+0x94/0xc0
	mmc_wait_for_req+0x70/0x100
	mmc_send_tuning+0x108/0x1ac
	sdmmc_execute_tuning+0x14c/0x210
	mmc_execute_tuning+0x48/0xec
	mmc_sd_init_uhs_card.part.0+0x208/0x464
	mmc_sd_init_card+0x318/0x89c
	mmc_attach_sd+0xe4/0x180
	mmc_rescan+0x244/0x320

	DMA API debug brings to light leaking dma-mappings as dma_map_sg and
	dma_unmap_sg are not correctly balanced.

	If an error occurs in mmci_cmd_irq function, only mmci_dma_error
	function is called and as this API is not managed on stm32 variant,
	dma_unmap_sg is never called in this error path.

	The Linux kernel CVE team has assigned CVE-2024-26787 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 5.10.213 with commit 0224cbc53ba82b84affa7619b6d1b1a254bc2c53
	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 5.15.152 with commit 5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c
	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.1.81 with commit 70af82bb9c897faa25a44e4181f36c60312b71ef
	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.6.21 with commit 176e66269f0de327375fc0ea51c12c2f5a97e4c4
	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.7.9 with commit d610a307225951929b9dff807788439454476f85
	Issue introduced in 4.20 with commit 46b723dd867d599420fb640c0eaf2a866ef721d4 and fixed in 6.8 with commit 6b1ba3f9040be5efc4396d86c9752cdc564730be

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26787
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/mmc/host/mmci_stm32_sdmmc.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53
	https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c
	https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef
	https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4
	https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85
	https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be