CVE-2024-26712

In the Linux kernel, the following vulnerability has been resolved:

powerpc/kasan: Fix addr error caused by page alignment

In kasaninitregion, when kstart is not page aligned, at the begin of for loop, kcur = kstart & PAGEMASK is less than kstart, and then va = block + k_cur - k_start is less than block, the addr va is invalid, because the memory address space from va to block is not alloced by memblockalloc, which will not be reserved by memblock_reserve later, it will be used by other places.

As a result, memory overwriting occurs.

for example: int _init _weak kasaninitregion(void start, size_t size) { [...] / if say block(dcd97000) kstart(feef7400) kend(feeff3fe) / block = memblock_alloc(k_end - k_start, PAGE_SIZE); [...] for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { / at the begin of for loop * block(dcd97000) va(dcd96c00) kcur(feef7000) kstart(feef7400) * va(dcd96c00) is less than block(dcd97000), va is invalid */ void *va = block + kcur - kstart; [...] } [...] }

Therefore, page alignment is performed on kstart before memblockalloc() to ensure the validity of the VA address.