CVE-2024-26710: powerpc/kasan: Limit KASAN thread size increase to 32KB - Greg Kroah-Hartman

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: CVE-2024-26710: powerpc/kasan: Limit KASAN thread size increase to 32KB
Date: Wed,  3 Apr 2024 16:56:01 +0200	[thread overview]
Message-ID: <2024040342-CVE-2024-26710-6332@gregkh> (raw)

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

powerpc/kasan: Limit KASAN thread size increase to 32KB

KASAN is seen to increase stack usage, to the point that it was reported
to lead to stack overflow on some 32-bit machines (see link).

To avoid overflows the stack size was doubled for KASAN builds in
commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
KASAN").

However with a 32KB stack size to begin with, the doubling leads to a
64KB stack, which causes build errors:
  arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)

Although the asm could be reworked, in practice a 32KB stack seems
sufficient even for KASAN builds - the additional usage seems to be in
the 2-3KB range for a 64-bit KASAN build.

So only increase the stack for KASAN if the stack size is < 32KB.

The Linux kernel CVE team has assigned CVE-2024-26710 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 6.1.75 with commit 9ccf64e763ac and fixed in 6.1.79 with commit 4297217bcf1f
	Issue introduced in 6.6.14 with commit b38014874530 and fixed in 6.6.18 with commit 4cc31fa07445
	Issue introduced in 6.7.2 with commit 58f396513cb1 and fixed in 6.7.6 with commit b29b16bd836a
	Issue introduced in 6.1.76 with commit f9a4c401bf4c

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26710
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	arch/powerpc/include/asm/thread_info.h

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/4297217bcf1f0948a19c2bacc6b68d92e7778ad9
	https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb
	https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe
	https://git.kernel.org/stable/c/f1acb109505d983779bbb7e20a1ee6244d2b5736