diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52619.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52619.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52619.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52619.patch new file mode 100644 index 000000000..647e66a9a --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52619.patch @@ -0,0 +1,45 @@ +From 0593cfd321df9001142a9d2c58d4144917dff7ee Mon Sep 17 00:00:00 2001 +From: Weichen Chen <weichen.chen@mediatek.com> +Date: Fri, 24 Feb 2023 10:36:32 +0800 +Subject: pstore/ram: Fix crash when setting number of cpus to an odd number + +[ Upstream commit d49270a04623ce3c0afddbf3e984cb245aa48e9c ] + +When the number of cpu cores is adjusted to 7 or other odd numbers, +the zone size will become an odd number. +The address of the zone will become: + addr of zone0 = BASE + addr of zone1 = BASE + zone_size + addr of zone2 = BASE + zone_size*2 + ... +The address of zone1/3/5/7 will be mapped to non-alignment va. +Eventually crashes will occur when accessing these va. + +So, use ALIGN_DOWN() to make sure the zone size is even +to avoid this bug. + +Signed-off-by: Weichen Chen <weichen.chen@mediatek.com> +Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com> +Tested-by: "Guilherme G. Piccoli" <gpiccoli@igalia.com> +Link: https://lore.kernel.org/r/20230224023632.6840-1-weichen.chen@mediatek.com +Signed-off-by: Kees Cook <keescook@chromium.org> +Signed-off-by: Sasha Levin <sashal@kernel.org> +--- + fs/pstore/ram.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c +index d36702c7ab3c43..88b34fdbf7592f 100644 +--- a/fs/pstore/ram.c ++++ b/fs/pstore/ram.c +@@ -529,6 +529,7 @@ static int ramoops_init_przs(const char *name, + } + + zone_sz = mem_sz / *cnt; ++ zone_sz = ALIGN_DOWN(zone_sz, 2); + if (!zone_sz) { + dev_err(dev, "%s zone size == 0\n", name); + goto fail; +-- +cgit 1.2.3-korg + |