Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's runtime constant support for RISC-V NOMMU kernels has been addressed. The `__runtime_fixup_32` function mishandled the case where its `val` parameter was zero. This case can occur when patching a NOMMU kernel and referencing a physical address below the 4 GiB threshold, where the upper 32 bits are all zero. The existing logic then emitted two `nop` instructions, leaving random data in the register intended for the upper 32 bits of a pointer. When that data was combined with the lower 32 bits, the result was an invalid pointer, and accessing it caused a kernel panic. The root cause was that the logic of adjusting the second instruction to an `li` after converting the first to a `nop` was not fully applied, particularly when the `else` branch of the nop-checks was executed.
Exploitation of this vulnerability could lead to a kernel panic, causing a denial of service by crashing the kernel.
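The patching behaviour described above can be reproduced in a small user-space model. This is an added example, not the kernel's source: `fixup_32`, `step`, `load_const`, the `fixed` flag, the choice of register `a0` and the stale value `0xdeadbeef` are all assumptions, and the corrected condition is inferred from the description (keep the second instruction as an `li` whenever the first became a `nop`).

```c
#include <stdint.h>
#include <stdio.h>
#define NOP4 0x00000013u /* addi x0, x0, 0 */

/* Model of patching a lui+addi pair; fixed=0 is the described bug, fixed=1 the assumed fix. */
static void fixup_32(uint32_t *lui, uint32_t *addi, uint32_t val, int fixed)
{
    uint32_t addi_mask = 0x000fffffu;          /* keep opcode, rd, funct3, rs1 */
    uint32_t lower = (val & 0x800u) ? (val | 0xfffff000u) : (val & 0xfffu); /* sign-extended low 12 bits */
    uint32_t upper = val - lower;
    if (upper & 0xfffff000u) {
        *lui = (*lui & 0x00000fffu) | (upper & 0xfffff000u);
    } else {
        *lui = NOP4;                           /* lui not needed for a small value */
        addi_mask &= 0x00007fffu;              /* rs1 = x0: the addi becomes an li */
    }
    if ((lower & 0xfffu) || (fixed && *lui == NOP4))
        *addi = (*addi & addi_mask) | ((lower & 0xfffu) << 20);
    else
        *addi = NOP4;                          /* if lui is a nop too, rd is never written */
}

static void step(uint32_t insn, uint32_t reg[32]) /* execute one lui or addi */
{
    uint32_t rd = (insn >> 7) & 31u, rs1 = (insn >> 15) & 31u;
    uint32_t imm = (insn >> 20) | ((insn >> 31) ? 0xfffff000u : 0u);
    if ((insn & 0x7fu) == 0x37u)
        reg[rd] = insn & 0xfffff000u;          /* lui */
    else if ((insn & 0x7fu) == 0x13u)
        reg[rd] = reg[rs1] + imm;              /* addi */
    reg[0] = 0;                                /* x0 is hard-wired to zero */
}

/* Patch the pair for val, run it, and return what ends up in a0 (x10). */
uint32_t load_const(uint32_t val, int fixed)
{
    uint32_t reg[32] = { [10] = 0xdeadbeefu }; /* constructed stale register content */
    uint32_t lui = 0x37u | (10u << 7) | (0x89abdu << 12);              /* lui a0, <placeholder> */
    uint32_t addi = 0x13u | (10u << 7) | (10u << 15) | (0xeefu << 20); /* addi a0, a0, <placeholder> */
    fixup_32(&lui, &addi, val, fixed);
    step(lui, reg); step(addi, reg);
    return reg[10];
}

int main(void)
{
    printf("val=0: before fix a0=0x%08x, after fix a0=0x%08x\n",
           (unsigned)load_const(0, 0), (unsigned)load_const(0, 1));
    return 0;
}
```

With `val` equal to zero the unfixed path leaves the stale register content in place, which is the half of the pointer the description says ends up holding random data; non-zero values load correctly on both paths.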