A recent vulnerability found in the Linux kernel has been resolved. The vulnerability is related to the mm/sparsemem module, which manages sparse memory allocation. The vulnerability is a race condition when accessing memory_section->usage in certain scenarios. This post will discuss the details of the vulnerability, the fix, and reference materials related to the vulnerability.
The Vulnerability
The vulnerability was discovered during testing on Snapdragon SoC with a memory configuration of PFN's as [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. This configuration led to kernel crashes with CONFIG_SPASEMEM_VMEMAP enabled due to a race condition between the pfn_valid()/pfn_section_valid() and the section deactivate.
An in-depth explanation, along with logs and code snippet related to the vulnerability, can be found in this kernel mailing list archive: [1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/
Clear SECTION_HAS_MEM_MAP before freeing the ->usage.
2. Implement RCU protected read-side critical section which either returns NULL when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.
3. Free the ->usage with kfree_rcu() and set ms->usage = NULL. No attempt will be made to access ->usage after this, as the SECTION_HAS_MEM_MAP is cleared, thus valid_section() returns false.
The fix was developed with the help of inputs from David and Pavan.
Exploit Details
Currently, there are no publicly known exploits for this vulnerability, but it is essential for system administrators to apply the fix mentioned above to ensure the stability of their Linux kernel. The vulnerability is found in systems with specific memory configurations and can lead to kernel crashes.
Conclusion
Ensuring that software is regularly updated and patched is crucial to maintaining a stable and secure system. This Linux kernel vulnerability highlights the importance of keeping up to date with security vulnerabilities and fixes. As the fix is applied in future releases of the Linux kernel, it is essential for system administrators to update their systems to mitigate the potential impact of this vulnerability.
Timeline
Published on: 03/11/2024 18:15:16 UTC
Last modified on: 06/25/2024 23:15:22 UTC