Bug 1223054 (CVE-2024-26850) - VUL-0: CVE-2024-26850: kernel: mm/debug_vm_pgtable: BUG_ON with pud advanced test
Summary: VUL-0: CVE-2024-26850: kernel: mm/debug_vm_pgtable: BUG_ON with pud advanced ...
Status: RESOLVED INVALID
Alias: CVE-2024-26850
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/402355/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-26850:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-18 09:39 UTC by SMASH SMASH
Modified: 2024-04-18 11:36 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-04-18 09:39:06 UTC 
In the Linux kernel, the following vulnerability has been resolved:

mm/debug_vm_pgtable: fix BUG_ON with pud advanced test

Architectures like powerpc add debug checks to ensure we find only devmap
PUD pte entries.  These debug checks are only done with CONFIG_DEBUG_VM. 
This patch marks the ptes used for PUD advanced test devmap pte entries so
that we don't hit on debug checks on architecture like ppc64 as below.

WARNING: CPU: 2 PID: 1 at arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138
....
NIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138
LR [c0000000000a77a8] radix__pudp_huge_get_and_clear+0x28/0x60
Call Trace:
[c000000004a2f950] [c000000004a2f9a0] 0xc000000004a2f9a0 (unreliable)
[c000000004a2f980] [000d34c100000000] 0xd34c100000000
[c000000004a2f9a0] [c00000000206ba98] pud_advanced_tests+0x118/0x334
[c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48
[c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388

Also

 kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:202!
 ....

 NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174
 LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334
 Call Trace:
 [c000000004a2f950] [000d34c100000000] 0xd34c100000000 (unreliable)
 [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334
 [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48
 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26850
https://www.cve.org/CVERecord?id=CVE-2024-26850
https://git.kernel.org/stable/c/720da1e593b85a550593b415bf1d79a053133451
https://git.kernel.org/stable/c/d2a9510c0e39d06f5544075c13040407bdbf2803
https://git.kernel.org/stable/c/eeeddf85fc58d48c58ad916e4ca12363ebd8ab21
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-26850.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2275752
Comment 1 Michal Hocko 2024-04-18 11:27:20 UTC 
These are VM_BUG_ON and we do not enable CONFIG_DEBUG_VM so this doesn't affect any of our kernels.
Comment 2 Thomas Leroy 2024-04-18 11:36:20 UTC 
(In reply to Michal Hocko from comment #1)
> These are VM_BUG_ON and we do not enable CONFIG_DEBUG_VM so this doesn't
> affect any of our kernels.

Thanks Michal. Closing