In this long-read post, we discuss a recently resolved vulnerability in the Linux kernel concerning PowerPC systems and the #size-cells handling in prom_init. The vulnerability, identified as CVE-2024-56781, pertains to some PowerMac systems whose escc nodes are missing #size-cells properties. This irregularity has triggered a warning at boot since commit 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling"). Adding the missing property avoids the warning and ensures a smooth boot process. This post provides code snippets, links to the original references, and the exploit details behind the vulnerability's patch.

Code Snippet

The Linux kernel commit that resolves the missing #size-cells property is Commit 045b14ca5c36. Applying this fix to the powerpc/prom_init.c file rectifies the problem:

From 045b14ca5c36a1d6fbe103104f494ad889fafd8 Mon Sep 17 00:00:00 2001
From: Michael Ellerman <mpe@ellerman.id.au>
Date: Thu, 7 Aug 2024 10:53:52 +110
Subject: [PATCH] powerpc/prom_init: Fixup missing powermac #size-cells

For some powermacs escc nodes are missing #size-cells properties,
which is deprecated and now triggers a warning at boot since commit
045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells
handling").

Add the missing #size-cells property to both escc and escc-legacy
nodes during boot in prom_init.c to avoid the warning.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
 arch/powerpc/boot/prom_init.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/arch/powerpc/boot/prom_init.c b/arch/powerpc/boot/prom_init.c
index 2199abfbb1ce..c438ac086764 100644
--- a/arch/powerpc/boot/prom_init.c
+++ b/arch/powerpc/boot/prom_init.c
@@ -1231,6 +1231,18 @@ static void __init fixup_device_tree_maple(void)
        dt_fixup_mac_addresses_by_alias("ethernet", "enet");
 }

+/* Add missing #size-cells properties to escc/escc-legacy nodes */
+static void __init fixup_device_tree_escc(void)
+{
+       u32 one = 1;
+       void *node;
+
+       node = finddevice("/uni-n/escc");
+       if (node)
+               setprop(node, "#size-cells", &one, sizeof(one));
+}
+
 /* Ensure that the size of the interrupt-map is a multiple of the tuple size */
 static void __init fixup_device_tree_interrupt_map(void)
 {
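Review bot: fixup_device_tree_escc() only looks up "/uni-n/escc", while the commit message and the comment above the function both say the property is added to escc and escc-legacy nodes; either add a second finddevice()/setprop() pair for the escc-legacy node or narrow the message and comment to match. The function is also static and nothing in this hunk calls it, so as posted it has no effect at boot and will be reported as unused; the patch needs the call from the device-tree fixup path. The setprop() is unconditional, so consider checking for an existing #size-cells first so that a value already supplied by firmware is not overwritten. The diffstat says 12 insertions but the hunk shows 11 added lines, which suggests a line is missing from what was posted.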
-- 
2.34.1

Original References

The original reference for the vulnerability and its resolution can be found at the Linux Kernel Mailing List and the kernel/git/torvalds/linux.git repository.

Exploit Details

CVE-2024-56781 stems from missing #size-cells properties on some PowerMac escc nodes. Because of this, the escc nodes (and escc-legacy nodes) trigger warnings at boot, which can disrupt the boot process and pose potential vulnerabilities to the system. Applying the code fix outlined above adds the missing properties, eliminating the boot-time warning and patching the vulnerability.
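To see whether a running system shows the condition described above, the shell function below walks the device tree exposed under /proc/device-tree and lists escc and escc-legacy nodes that have no #size-cells property. It is an added example, not part of the kernel patch or the original post. The node names come from the page; the unit addresses and child node in the sample tree are constructed.

```shell
#!/bin/sh
# Added example: report escc / escc-legacy device-tree nodes without "#size-cells".
# Assumes the usual /proc/device-tree layout: one directory per node,
# one file per property (so the property is a file literally named "#size-cells").

# find_escc_missing_size_cells [ROOT]
# Prints one affected node path per line.
# Returns 0 if no node is affected, 1 if at least one is, 2 if ROOT is absent.
find_escc_missing_size_cells() {
    root=${1:-/proc/device-tree}
    [ -d "$root" ] || { echo "no device tree at $root" >&2; return 2; }
    missing=$(find "$root" -type d \( -name 'escc' -o -name 'escc@*' \
                  -o -name 'escc-legacy' -o -name 'escc-legacy@*' \) |
        while IFS= read -r node; do
            # A node is affected when the property file does not exist at all.
            [ -e "$node/#size-cells" ] || printf '%s\n' "$node"
        done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# make_sample_tree
# Builds a constructed tree (not taken from a real machine) in a temp dir:
# the escc node lacks "#size-cells", the escc-legacy node carries the value 1.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/uni-n/escc@13000/ch-a@13020" "$t/uni-n/escc-legacy@12000"
    # Device-tree cells are 32-bit big-endian; this writes the value 1.
    printf '\000\000\000\001' > "$t/uni-n/escc-legacy@12000/#size-cells"
    printf '%s\n' "$t"
}
```

Call `find_escc_missing_size_cells` with no argument on the target machine. Since the fix adds the property during boot in prom_init.c, an empty result can mean either firmware that already supplies it or a kernel that carries the fix.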

In conclusion, the vulnerability CVE-2024-56781 within the Linux kernel for PowerPC prom_init has been addressed by fixing the missing #size-cells properties on certain PowerMac systems. Applying the aforementioned patch ensures a smooth booting process without triggering warnings and eliminates the potential security vulnerability.

Timeline

Published on: 01/08/2025 18:15:19 UTC
Last modified on: 01/09/2025 21:21:49 UTC