Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's handling of bus notifiers on PowerPC systems. The fail_iommu_setup() function registers a notifier for both the PCI and VIO buses using a single shared notifier_block structure. Because the structure is shared, notifiers intended for one bus type can be invoked on the other, which can cause memory access violations. Specifically, the problem has been observed with the VGA arbiter code, where a notifier for PCI buses is mistakenly called on a VIO device. This misrouting triggers a 'slab-out-of-bounds' error, an invalid memory access reported by the Kernel Address Sanitizer (KASAN).
Exploitation of this vulnerability leads to a denial-of-service condition, where the system encounters a memory access error that can disrupt normal operations.
The vulnerability can be reproduced by registering a notifier for the PCI bus that interacts with VIO devices. This can be done by enabling the appropriate configuration options in the Linux kernel and then triggering the bus notification process, which will result in the incorrect notifier being called on the VIO device, causing the memory access violation.
The vulnerability has been addressed by modifying the Linux kernel to use separate notifier_block structures for PCI and VIO buses, preventing the cross-contamination of bus notifications. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.
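The following userspace model is an added example, not kernel code and not taken from the fix. It shows why one notifier_block registered on two chains misroutes callbacks: the block embeds its own next pointer, so both chains end up sharing a tail. The names simulate, iommu_cb and pci_only_cb are hypothetical, and the model only counts the misrouted call rather than reproducing the invalid memory access.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model of a notifier chain (constructed, not kernel code). */
struct notifier_block {
    int (*call)(struct notifier_block *nb, const char *bus);
    struct notifier_block *next;   /* the chain link lives inside the block */
    int priority;
};
static int wrong_bus_calls;        /* PCI-only callback run for a non-PCI device */

static int iommu_cb(struct notifier_block *nb, const char *bus) { (void)nb; (void)bus; return 0; }
/* Stands in for a PCI-only consumer such as the VGA arbiter's notifier. */
static int pci_only_cb(struct notifier_block *nb, const char *bus)
{
    (void)nb;
    if (strcmp(bus, "pci") != 0)
        wrong_bus_calls++;
    return 0;
}
/* Priority-ordered insert; equal priority appends at the tail. */
static void chain_register(struct notifier_block **head, struct notifier_block *n)
{
    while (*head && n->priority <= (*head)->priority)
        head = &(*head)->next;
    n->next = *head;
    *head = n;
}
/* Returns how often the PCI-only callback ran for a VIO device event. */
int simulate(int shared)
{
    struct notifier_block *pci_chain = NULL, *vio_chain = NULL, *nb;
    struct notifier_block iommu_pci = { iommu_cb, NULL, 0 };
    struct notifier_block iommu_vio = { iommu_cb, NULL, 0 };
    struct notifier_block vga = { pci_only_cb, NULL, 0 };

    wrong_bus_calls = 0;
    chain_register(&pci_chain, &iommu_pci);
    chain_register(&vio_chain, shared ? &iommu_pci : &iommu_vio);
    chain_register(&pci_chain, &vga);        /* registered on the PCI chain only */
    for (nb = vio_chain; nb; nb = nb->next)  /* a VIO device event walks the VIO chain */
        nb->call(nb, "vio");
    return wrong_bus_calls;
}
int main(void)
{
    printf("shared: %d, separate: %d\n", simulate(1), simulate(0));
    return 0;
}
```

With the shared block, the PCI-only callback is reached from the VIO chain once; with separate blocks it is never reached.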