Linux Kernel PCI/P2PDMA Page Reference Count Warning Condition Vulnerability

A vulnerability in the Linux kernel's PCI/P2PDMA subsystem has been addressed. The issue arose in the 'p2pmem_alloc_mmap()' function, which incorrectly asserted that the initial page reference count should not be zero. This assertion led to a warning when 'CONFIG_DEBUG_VM' was enabled, indicating a reference count of zero. The vulnerability was caused by a previous commit that changed the initial reference count from one to zero, creating a mismatch. The warning condition has been fixed by correcting the assertion to properly reflect the expected reference count.

Impact

The vulnerability could lead to misleading warning messages about page reference counts, potentially obscuring real issues in memory management.

Reproduction

The vulnerability can be reproduced by enabling 'CONFIG_DEBUG_VM' and calling the 'p2pmem_alloc_mmap()' function with a PCI/P2PDMA page that has had its reference count set to zero. This will trigger the warning condition, indicating that the reference count is not as expected.

Remediation

Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability.