APPLIED: [SRU][M][PATCH 0/1] CVE-2024-26710
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Apr 25 15:07:35 UTC 2024
On 19/04/2024 22:49, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> powerpc/kasan: Limit KASAN thread size increase to 32KB
>
> KASAN is seen to increase stack usage, to the point that it was reported
> to lead to stack overflow on some 32-bit machines (see link).
>
> To avoid overflows the stack size was doubled for KASAN builds in
> commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
> KASAN").
>
> However with a 32KB stack size to begin with, the doubling leads to a
> 64KB stack, which causes build errors:
> arch/powerpc/kernel/switch.S:249: Error: operand out of range
> (0x000000000000fe50 is not between 0xffffffffffff8000 and
> 0x0000000000007fff)
>
> Although the asm could be reworked, in practice a 32KB stack seems
> sufficient even for KASAN builds - the additional usage seems to be in
> the 2-3KB range for a 64-bit KASAN build.
>
> So only increase the stack for KASAN if the stack size is < 32KB.
>
> [Fix]
>
> Mantic: Clean cherry-pick from linux-6.6.y
> Jammy: not-affected
> Focal: not-affected
> Bionic: not-affected
> Xenial: not-affected
> Trusty: not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use KASAN on PowerPC; an issue with this
> fix would be visible to the user via a system crash.
>
> Michael Ellerman (1):
> powerpc/kasan: Limit KASAN thread size increase to 32KB
>
> arch/powerpc/include/asm/thread_info.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
It was applied already from upstream. I included the CVE number in the
commit message.