Linux Kernel PowerPC Pseries Preemption Vulnerability in LPPACA Shared Processor Function

A vulnerability has been identified in the Linux kernel's PowerPC pseries platform, specifically within the LPPACA shared processor handling. The issue arises when the DEBUG_PREEMPT feature is enabled, leading to improper preemption management. This can cause errors when accessing certain procfs entries related to the lparcfg configuration, as the shared processor state is not correctly synchronized across CPUs. The vulnerability stems from the lppaca_shared_proc() function, which originally accepted a pointer to the LPPACA structure but failed to account for preemption, potentially leading to inconsistent processor state checks. The problem is exacerbated in the lparcfg data handling, which does not disable preemption before accessing shared processor information, unlike other parts of the code that have implemented a workaround.

Impact

The vulnerability can cause incorrect handling of shared processor states in PowerPC pseries systems, leading to potential synchronization issues and errors when accessing related procfs entries.

Reproduction

To reproduce this vulnerability, enable the DEBUG_PREEMPT feature in the Linux kernel. Then, access the /proc/powerpc/lparcfg file while the DEBUG_PREEMPT is active. This will trigger an error due to the improper handling of preemption in the lppaca_shared_proc() function, which does not correctly manage the shared processor state checks when accessed through the get_lppaca() pointer.

Remediation

The vulnerability has been addressed by modifying the lppaca_shared_proc() function to directly access the LPPACA structure without using a pointer, thereby avoiding preemption-related issues. Users should update to the latest version of the Linux kernel where this fix has been applied.