Linux Kernel PowerPC KASAN Vulnerability in Early Shadow Page Table Update

Vulnerability

A vulnerability in the Linux kernel's handling of the early shadow page table on the PowerPC architecture has been addressed. The shadow's page table was not updated when the Page Table Entry (PTE) Resident Page Number (RPN) Shift was 24 and the Page Shift was 12. As a result, Kernel Address Sanitizer (KASAN) checks produced both false positives and false negatives. The fix corrects the logic that manages the early shadow page entries, restoring accurate memory tracking and KASAN functionality.

Impact

The vulnerability caused incorrect memory access reports, leading to false positives and negatives in KASAN's memory safety checks. This could result in undetected memory corruption issues or misreported memory access violations.

Reproduction

The vulnerability can be reproduced by running an affected Linux kernel version on the PowerPC architecture. KASAN must be enabled to observe the false negative behavior, where KASAN fails to report an expected out-of-bounds memory access. This can be tested using the KASAN test suite, which includes a test that intentionally triggers a vmalloc-out-of-bounds error. The absence of the expected KASAN report before the fix demonstrates the vulnerability.
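
A regression check for the reproduction described above, added here as an example and not taken from the kernel tree or from this advisory: it scans a kernel log for KASAN report headers and lists the expected reports that are missing (false negatives) and the reports no test asked for (candidate false positives). The test function names, addresses and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Header line of a KASAN report: "BUG: KASAN: <bug-type> in <function>+0x..."
REPORT_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)")

def kasan_reports(log_text):
    """Return (bug_type, function) for each KASAN report header in a kernel log."""
    return [(m["kind"], m["func"]) for m in REPORT_RE.finditer(log_text)]

def audit(log_text, expected):
    """Compare the reports found in a log with those a test run must produce.

    expected: list of (bug_type, function) that the tests trigger on purpose.
    Returns (missing, unexpected): missing entries are false negatives,
    unexpected entries are candidate false positives.
    """
    seen = Counter(kasan_reports(log_text))
    want = Counter(expected)
    missing = sorted((want - seen).elements())
    unexpected = sorted((seen - want).elements())
    return missing, unexpected

# Constructed inputs (assumed test names; not captured from a real machine).
EXPECTED = [("slab-out-of-bounds", "kmalloc_oob_right"),
            ("vmalloc-out-of-bounds", "vmalloc_oob")]

LOG_AFFECTED = """\
[   31.104512] ==================================================================
[   31.104533] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xa4/0x1b0 [test_kasan]
[   31.104561] Write of size 1 at addr c31f2e7b by task kunit_try_catch/112
[   31.290117] ==================================================================
[   31.290140] BUG: KASAN: vmalloc-out-of-bounds in example_probe+0x2c/0x60
"""

LOG_FIXED = """\
[   31.104533] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xa4/0x1b0 [test_kasan]
[   31.104561] Write of size 1 at addr c31f2e7b by task kunit_try_catch/112
[   31.290140] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x7c/0x110 [test_kasan]
[   31.290166] Read of size 1 at addr f1015001 by task kunit_try_catch/141
"""

if __name__ == "__main__":
    for name, log in (("affected", LOG_AFFECTED), ("fixed", LOG_FIXED)):
        missing, unexpected = audit(log, EXPECTED)
        print(f"{name}: missing={missing} unexpected={unexpected}")
```

A non-empty `missing` list after a test run on a KASAN-enabled kernel is the false negative described above; an empty result for both lists is what a fixed kernel should give.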

Remediation

Users should upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.