
[SRU,M,0/1] CVE-2024-26710

Message ID 20240419204939.46696-1-bethany.jamison@canonical.com

Message

Bethany Jamison April 19, 2024, 8:49 p.m. UTC
[Impact]

 In the Linux kernel, the following vulnerability has been resolved:

 powerpc/kasan: Limit KASAN thread size increase to 32KB

 KASAN is seen to increase stack usage, to the point that it was reported
 to lead to stack overflow on some 32-bit machines (see link).

 To avoid overflows the stack size was doubled for KASAN builds in
 commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
 KASAN").

 However with a 32KB stack size to begin with, the doubling leads to a
 64KB stack, which causes build errors:
   arch/powerpc/kernel/switch.S:249: Error: operand out of range
 (0x000000000000fe50 is not between 0xffffffffffff8000 and
 0x0000000000007fff)

 Although the asm could be reworked, in practice a 32KB stack seems
 sufficient even for KASAN builds - the additional usage seems to be in
 the 2-3KB range for a 64-bit KASAN build.

 So only increase the stack for KASAN if the stack size is < 32KB.

[Fix]

Mantic:	Clean cherry-pick from linux-6.6.y
Jammy:	not-affected
Focal:	not-affected
Bionic:	not-affected
Xenial:	not-affected
Trusty:	not-affected

[Test Case]

Compile and boot tested.

[Where problems could occur]

This fix affects those who use KASAN on PowerPC; an issue with this
fix would be visible to the user via a system crash.

Michael Ellerman (1):
  powerpc/kasan: Limit KASAN thread size increase to 32KB

 arch/powerpc/include/asm/thread_info.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
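
The stack-size arithmetic behind the commit message above, as an added C model (not code from the patch or the kernel tree). The function names are hypothetical, and the 0x1b0 frame size is an assumption derived from the quoted error (0x10000 - 0xfe50), on the premise that the rejected operand is the thread size minus a fixed frame size.

```c
#include <stdbool.h>
#include <stdio.h>

/* Range quoted in the assembler error: a signed 16-bit immediate. */
#define IMM16_MIN (-0x8000L)
#define IMM16_MAX (0x7fffL)

/* Assumption: the operand is THREAD_SIZE minus a fixed frame size.
 * 0x10000 - 0xfe50 = 0x1b0, taken from the error text on this page. */
#define FRAME_BYTES 0x1b0L

/* Rule before the fix: a KASAN build always doubles the stack. */
static unsigned shift_always_double(unsigned cfg_shift, bool kasan)
{
    return kasan ? cfg_shift + 1 : cfg_shift;
}

/* Rule after the fix: double only when the stack is below 32KB (2^15). */
static unsigned shift_capped(unsigned cfg_shift, bool kasan)
{
    return (kasan && cfg_shift < 15) ? cfg_shift + 1 : cfg_shift;
}

static long thread_size(unsigned shift) { return 1L << shift; }

/* Does "thread size - frame size" fit a signed 16-bit immediate? */
static bool offset_fits_imm16(unsigned shift)
{
    long off = thread_size(shift) - FRAME_BYTES;
    return off >= IMM16_MIN && off <= IMM16_MAX;
}

int main(void)
{
    /* Constructed inputs: configured stack sizes of 8KB, 16KB and 32KB. */
    for (unsigned cfg = 13; cfg <= 15; cfg++) {
        unsigned before = shift_always_double(cfg, true);
        unsigned after = shift_capped(cfg, true);
        printf("configured %2ldKB: old rule %2ldKB (%s), new rule %2ldKB (%s)\n",
               thread_size(cfg) >> 10, thread_size(before) >> 10,
               offset_fits_imm16(before) ? "assembles" : "out of range",
               thread_size(after) >> 10,
               offset_fits_imm16(after) ? "assembles" : "out of range");
    }
    return 0;
}
```

Only the 32KB configuration changes behaviour: the old rule produces a 64KB stack whose offset 0xfe50 exceeds 0x7fff, while the capped rule keeps 32KB and the offset 0x7e50 fits.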

Comments

Roxana Nicolescu April 23, 2024, 12:34 p.m. UTC | #1
On 19/04/2024 22:49, Bethany Jamison wrote:
> [Impact]
>
>   In the Linux kernel, the following vulnerability has been resolved:
>
>   powerpc/kasan: Limit KASAN thread size increase to 32KB
>
>   KASAN is seen to increase stack usage, to the point that it was reported
>   to lead to stack overflow on some 32-bit machines (see link).
>
>   To avoid overflows the stack size was doubled for KASAN builds in
>   commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
>   KASAN").
>
>   However with a 32KB stack size to begin with, the doubling leads to a
>   64KB stack, which causes build errors:
>     arch/powerpc/kernel/switch.S:249: Error: operand out of range
>   (0x000000000000fe50 is not between 0xffffffffffff8000 and
>   0x0000000000007fff)
>
>   Although the asm could be reworked, in practice a 32KB stack seems
>   sufficient even for KASAN builds - the additional usage seems to be in
>   the 2-3KB range for a 64-bit KASAN build.
>
>   So only increase the stack for KASAN if the stack size is < 32KB.
>
> [Fix]
>
> Mantic:	Clean cherry-pick from linux-6.6.y
> Jammy:	not-affected
> Focal:	not-affected
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use KASAN on PowerPC; an issue with this
> fix would be visible to the user via a system crash.
>
> Michael Ellerman (1):
>    powerpc/kasan: Limit KASAN thread size increase to 32KB
>
>   arch/powerpc/include/asm/thread_info.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Andrei Gherzan April 23, 2024, 2:21 p.m. UTC | #2
On 24/04/19 03:49PM, Bethany Jamison wrote:
> [Impact]
> 
>  In the Linux kernel, the following vulnerability has been resolved:
> 
>  powerpc/kasan: Limit KASAN thread size increase to 32KB
> 
>  KASAN is seen to increase stack usage, to the point that it was reported
>  to lead to stack overflow on some 32-bit machines (see link).
> 
>  To avoid overflows the stack size was doubled for KASAN builds in
>  commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
>  KASAN").
> 
>  However with a 32KB stack size to begin with, the doubling leads to a
>  64KB stack, which causes build errors:
>    arch/powerpc/kernel/switch.S:249: Error: operand out of range
>  (0x000000000000fe50 is not between 0xffffffffffff8000 and
>  0x0000000000007fff)
> 
>  Although the asm could be reworked, in practice a 32KB stack seems
>  sufficient even for KASAN builds - the additional usage seems to be in
>  the 2-3KB range for a 64-bit KASAN build.
> 
>  So only increase the stack for KASAN if the stack size is < 32KB.
> 
> [Fix]
> 
> Mantic:	Clean cherry-pick from linux-6.6.y
> Jammy:	not-affected
> Focal:	not-affected
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> This fix affects those who use KASAN on PowerPC; an issue with this
> fix would be visible to the user via a system crash.
> 
> Michael Ellerman (1):
>   powerpc/kasan: Limit KASAN thread size increase to 32KB
> 
>  arch/powerpc/include/asm/thread_info.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>

Roxana Nicolescu April 25, 2024, 3:07 p.m. UTC | #3
On 19/04/2024 22:49, Bethany Jamison wrote:
> [Impact]
>
>   In the Linux kernel, the following vulnerability has been resolved:
>
>   powerpc/kasan: Limit KASAN thread size increase to 32KB
>
>   KASAN is seen to increase stack usage, to the point that it was reported
>   to lead to stack overflow on some 32-bit machines (see link).
>
>   To avoid overflows the stack size was doubled for KASAN builds in
>   commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
>   KASAN").
>
>   However with a 32KB stack size to begin with, the doubling leads to a
>   64KB stack, which causes build errors:
>     arch/powerpc/kernel/switch.S:249: Error: operand out of range
>   (0x000000000000fe50 is not between 0xffffffffffff8000 and
>   0x0000000000007fff)
>
>   Although the asm could be reworked, in practice a 32KB stack seems
>   sufficient even for KASAN builds - the additional usage seems to be in
>   the 2-3KB range for a 64-bit KASAN build.
>
>   So only increase the stack for KASAN if the stack size is < 32KB.
>
> [Fix]
>
> Mantic:	Clean cherry-pick from linux-6.6.y
> Jammy:	not-affected
> Focal:	not-affected
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use KASAN on PowerPC; an issue with this
> fix would be visible to the user via a system crash.
>
> Michael Ellerman (1):
>    powerpc/kasan: Limit KASAN thread size increase to 32KB
>
>   arch/powerpc/include/asm/thread_info.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
It was applied already from upstream. I included the CVE no in the 
commit message.