Bug 1227919 (CVE-2021-47623) - VUL-0: CVE-2021-47623: kernel: powerpc/fixmap: Fix VM debug warning on unmap
Summary: VUL-0: CVE-2021-47623: kernel: powerpc/fixmap: Fix VM debug warning on unmap
Status: NEW
Alias: CVE-2021-47623
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Kernel Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/414212/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47623:0.0:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-16 12:34 UTC by SMASH SMASH
Modified: 2024-07-16 12:59 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-07-16 12:34:00 UTC
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

powerpc/fixmap: Fix VM debug warning on unmap

Unmapping a fixmap entry is done by calling __set_fixmap()
with FIXMAP_PAGE_CLEAR as flags.

Today, powerpc __set_fixmap() calls map_kernel_page().

map_kernel_page() is not happy when called a second time
for the same page.

	WARNING: CPU: 0 PID: 1 at arch/powerpc/mm/pgtable.c:194 set_pte_at+0xc/0x1e8
	CPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty #682
	NIP:  c0017cd4 LR: c00187f0 CTR: 00000010
	REGS: e1011d50 TRAP: 0700   Not tainted  (5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty)
	MSR:  00029032 <EE,ME,IR,DR,RI>  CR: 42000208  XER: 00000000

	GPR00: c0165fec e1011e10 c14c0000 c0ee2550 ff800000 c0f3d000 00000000 c001686c
	GPR08: 00001000 b00045a9 00000001 c0f58460 c0f50000 00000000 c0007e10 00000000
	GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
	GPR24: 00000000 00000000 c0ee2550 00000000 c0f57000 00000ff8 00000000 ff800000
	NIP [c0017cd4] set_pte_at+0xc/0x1e8
	LR [c00187f0] map_kernel_page+0x9c/0x100
	Call Trace:
	[e1011e10] [c0736c68] vsnprintf+0x358/0x6c8 (unreliable)
	[e1011e30] [c0165fec] __set_fixmap+0x30/0x44
	[e1011e40] [c0c13bdc] early_iounmap+0x11c/0x170
	[e1011e70] [c0c06cb0] ioremap_legacy_serial_console+0x88/0xc0
	[e1011e90] [c0c03634] do_one_initcall+0x80/0x178
	[e1011ef0] [c0c0385c] kernel_init_freeable+0xb4/0x250
	[e1011f20] [c0007e34] kernel_init+0x24/0x140
	[e1011f30] [c0016268] ret_from_kernel_thread+0x5c/0x64
	Instruction dump:
	7fe3fb78 48019689 80010014 7c630034 83e1000c 5463d97e 7c0803a6 38210010
	4e800020 81250000 712a0001 41820008 <0fe00000> 9421ffe0 93e1001c 48000030

Implement unmap_kernel_page() which clears an existing pte.

The Linux kernel CVE team has assigned CVE-2021-47623 to this issue.


Affected and fixed versions
===========================

	Fixed in 5.10.101 with commit 67baac10dd5a
	Fixed in 5.15.24 with commit 43ae0ccc4d27
	Fixed in 5.16.10 with commit 033fd42c18d9
	Fixed in 5.17 with commit aec982603aa8

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47623
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	arch/powerpc/include/asm/book3s/32/pgtable.h
	arch/powerpc/include/asm/book3s/64/pgtable.h
	arch/powerpc/include/asm/fixmap.h
	arch/powerpc/include/asm/nohash/32/pgtable.h
	arch/powerpc/include/asm/nohash/64/pgtable.h
	arch/powerpc/mm/pgtable.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/67baac10dd5ad1e9f50e8f2659984b3b0728d54e
	https://git.kernel.org/stable/c/43ae0ccc4d2722b833fb59b905af129428e06d03
	https://git.kernel.org/stable/c/033fd42c18d9b2121595b6f1e8419a115f9ac5b7
	https://git.kernel.org/stable/c/aec982603aa8cc0a21143681feb5f60ecc69d718

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47623
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47623.mbox
https://git.kernel.org/stable/c/67baac10dd5ad1e9f50e8f2659984b3b0728d54e
https://git.kernel.org/stable/c/43ae0ccc4d2722b833fb59b905af129428e06d03
https://git.kernel.org/stable/c/033fd42c18d9b2121595b6f1e8419a115f9ac5b7
https://git.kernel.org/stable/c/aec982603aa8cc0a21143681feb5f60ecc69d718
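
Added illustration (not kernel source and not part of the report above): a user-space model of why unmapping through the mapping path trips the debug check, and why a dedicated clear path does not. The `model_*` names, the slot count, the bit values, `FIXMAP_PAGE_IO` and the `fixed` switch are assumptions made for the model; only the roles of `__set_fixmap()`, `map_kernel_page()`, `unmap_kernel_page()` and `FIXMAP_PAGE_CLEAR` come from the description.

```c
/* User-space model of the warning path; constructed, not kernel source. */
#include <stdint.h>
#include <stdio.h>

#define NR_FIX_SLOTS      4                    /* assumed toy fixmap size */
#define PTE_PRESENT       0x1u                 /* assumed "valid" bit */
#define FIXMAP_PAGE_IO    (PTE_PRESENT | 0x2u) /* assumed mapping flags */
#define FIXMAP_PAGE_CLEAR 0u                   /* empty flags request an unmap */

static uint32_t fix_pte[NR_FIX_SLOTS]; /* one model PTE per fixmap slot */
static int vm_warnings;                /* number of model debug warnings */

/* Model of the debug check: writing over a still-valid PTE warns. */
static void model_set_pte_at(uint32_t *ptep, uint32_t pte)
{
    if (*ptep & PTE_PRESENT)
        vm_warnings++;
    *ptep = pte;
}

/* fixed == 0: always go through the map path (behaviour described as buggy).
 * fixed != 0: empty flags take a separate clear path (unmap_kernel_page role). */
static void model_set_fixmap(int idx, uint32_t phys, uint32_t prot, int fixed)
{
    if (idx < 0 || idx >= NR_FIX_SLOTS)
        return;
    if (fixed && prot == FIXMAP_PAGE_CLEAR)
        fix_pte[idx] = 0; /* clear only; a real kernel must also drop the TLB entry */
    else
        model_set_pte_at(&fix_pte[idx], (phys & ~0xfffu) | prot);
}

/* Map slot 0, then apply a second call with second_prot; return warnings. */
int warnings_after(uint32_t second_prot, int fixed)
{
    vm_warnings = 0;
    fix_pte[0] = 0;
    model_set_fixmap(0, 0x80001000u, FIXMAP_PAGE_IO, fixed);
    model_set_fixmap(0, second_prot ? 0x80002000u : 0, second_prot, fixed);
    return vm_warnings;
}

int slot0_present(void) { return (fix_pte[0] & PTE_PRESENT) != 0; }

int main(void)
{
    printf("unmap, old path: %d warning(s)\n", warnings_after(FIXMAP_PAGE_CLEAR, 0));
    printf("unmap, new path: %d warning(s)\n", warnings_after(FIXMAP_PAGE_CLEAR, 1));
    printf("remap, new path: %d warning(s)\n", warnings_after(FIXMAP_PAGE_IO, 1));
    return 0;
}
```

In the model the PTE ends up cleared on both paths; the difference is only that the old path raises the debug warning, while a genuine double map still warns after the change.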