fkie_cve-2023-53706
Vulnerability from fkie_nvd
Published: 2025-10-22 14:15
Modified: 2025-10-22 21:12
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/vmemmap/devdax: fix kernel crash when probing devdax devices

Commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for
compound devmaps") added support for using optimized vmemmap for devdax
devices. But how vmemmap mappings are created is architecture specific.
For example, powerpc with hash translation doesn't have vmemmap mappings
in the init_mm page table; instead, they are bolted table entries in the
hardware page table.

vmemmap_populate_compound_pages(), used by the vmemmap optimization code, is not
aware of these architecture-specific mappings. Hence allow architectures to
opt for this feature. I selected architectures supporting the
HUGETLB_PAGE_OPTIMIZE_VMEMMAP option as also supporting this feature.

This patch fixes the below crash on ppc64.
```
BUG: Unable to handle kernel data access on write at 0xc00c000100400038
Faulting instruction address: 0xc000000001269d90
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
CPU: 7 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc5-150500.34-default+ #2 5c90a668b6bbd142599890245c2fb5de19d7d28a
Hardware name: IBM,9009-42G POWER9 (raw) 0x4e0202 0xf000005 of:IBM,FW950.40 (VL950_099) hv:phyp pSeries
NIP: c000000001269d90 LR: c0000000004c57d4 CTR: 0000000000000000
REGS: c000000003632c30 TRAP: 0300 Not tainted (6.3.0-rc5-150500.34-default+)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24842228 XER: 00000000
CFAR: c0000000004c57d0 DAR: c00c000100400038 DSISR: 42000000 IRQMASK: 0
....
NIP [c000000001269d90] __init_single_page.isra.74+0x14/0x4c
LR [c0000000004c57d4] __init_zone_device_page+0x44/0xd0
Call Trace:
[c000000003632ed0] [c000000003632f60] 0xc000000003632f60 (unreliable)
[c000000003632f10] [c0000000004c5ca0] memmap_init_zone_device+0x170/0x250
[c000000003632fe0] [c0000000005575f8] memremap_pages+0x2c8/0x7f0
[c0000000036330c0] [c000000000557b5c] devm_memremap_pages+0x3c/0xa0
[c000000003633100] [c000000000d458a8] dev_dax_probe+0x108/0x3e0
[c0000000036331a0] [c000000000d41430] dax_bus_probe+0xb0/0x140
[c0000000036331d0] [c000000000cef27c] really_probe+0x19c/0x520
[c000000003633260] [c000000000cef6b4] __driver_probe_device+0xb4/0x230
[c0000000036332e0] [c000000000cef888] driver_probe_device+0x58/0x120
[c000000003633320] [c000000000cefa6c] __device_attach_driver+0x11c/0x1e0
[c0000000036333a0] [c000000000cebc58] bus_for_each_drv+0xa8/0x130
[c000000003633400] [c000000000ceefcc] __device_attach+0x15c/0x250
[c0000000036334a0] [c000000000ced458] bus_probe_device+0x108/0x110
[c0000000036334f0] [c000000000ce92dc] device_add+0x7fc/0xa10
[c0000000036335b0] [c000000000d447c8] devm_create_dev_dax+0x1d8/0x530
[c000000003633640] [c000000000d46b60] __dax_pmem_probe+0x200/0x270
[c0000000036337b0] [c000000000d46bf0] dax_pmem_probe+0x20/0x70
[c0000000036337d0] [c000000000d2279c] nvdimm_bus_probe+0xac/0x2b0
[c000000003633860] [c000000000cef27c] really_probe+0x19c/0x520
[c0000000036338f0] [c000000000cef6b4] __driver_probe_device+0xb4/0x230
[c000000003633970] [c000000000cef888] driver_probe_device+0x58/0x120
[c0000000036339b0] [c000000000cefd08] __driver_attach+0x1d8/0x240
[c000000003633a30] [c000000000cebb04] bus_for_each_dev+0xb4/0x130
[c000000003633a90] [c000000000cee564] driver_attach+0x34/0x50
[c000000003633ab0] [c000000000ced878] bus_add_driver+0x218/0x300
[c000000003633b40] [c000000000cf1144] driver_register+0xa4/0x1b0
[c000000003633bb0] [c000000000d21a0c] __nd_driver_register+0x5c/0x100
[c000000003633c10] [c00000000206a2e8] dax_pmem_init+0x34/0x48
[c000000003633c30] [c0000000000132d0] do_one_initcall+0x60/0x320
[c000000003633d00] [c0000000020051b0] kernel_init_freeable+0x360/0x400
[c000000003633de0] [c000000000013764] kernel_init+0x34/0x1d0
[c000000003633e50] [c00000000000de14] ret_from_kernel_thread+0x5c/0x64
```
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmemmap/devdax: fix kernel crash when probing devdax devices\n\ncommit 4917f55b4ef9 (\"mm/sparse-vmemmap: improve memory savings for\ncompound devmaps\") added support for using optimized vmmemap for devdax\ndevices. But how vmemmap mappings are created are architecture specific. \nFor example, powerpc with hash translation doesn\u0027t have vmemmap mappings\nin init_mm page table instead they are bolted table entries in the\nhardware page table\n\nvmemmap_populate_compound_pages() used by vmemmap optimization code is not\naware of these architecture-specific mapping. Hence allow architecture to\nopt for this feature. I selected architectures supporting\nHUGETLB_PAGE_OPTIMIZE_VMEMMAP option as also supporting this feature.\n\nThis patch fixes the below crash on ppc64.\n\nBUG: Unable to handle kernel data access on write at 0xc00c000100400038\nFaulting instruction address: 0xc000000001269d90\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in:\nCPU: 7 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc5-150500.34-default+ #2 5c90a668b6bbd142599890245c2fb5de19d7d28a\nHardware name: IBM,9009-42G POWER9 (raw) 0x4e0202 0xf000005 of:IBM,FW950.40 (VL950_099) hv:phyp pSeries\nNIP: c000000001269d90 LR: c0000000004c57d4 CTR: 0000000000000000\nREGS: c000000003632c30 TRAP: 0300 Not tainted (6.3.0-rc5-150500.34-default+)\nMSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 24842228 XER: 00000000\nCFAR: c0000000004c57d0 DAR: c00c000100400038 DSISR: 42000000 IRQMASK: 0\n....\nNIP [c000000001269d90] __init_single_page.isra.74+0x14/0x4c\nLR [c0000000004c57d4] __init_zone_device_page+0x44/0xd0\nCall Trace:\n[c000000003632ed0] [c000000003632f60] 0xc000000003632f60 (unreliable)\n[c000000003632f10] [c0000000004c5ca0] memmap_init_zone_device+0x170/0x250\n[c000000003632fe0] [c0000000005575f8] 
memremap_pages+0x2c8/0x7f0\n[c0000000036330c0] [c000000000557b5c] devm_memremap_pages+0x3c/0xa0\n[c000000003633100] [c000000000d458a8] dev_dax_probe+0x108/0x3e0\n[c0000000036331a0] [c000000000d41430] dax_bus_probe+0xb0/0x140\n[c0000000036331d0] [c000000000cef27c] really_probe+0x19c/0x520\n[c000000003633260] [c000000000cef6b4] __driver_probe_device+0xb4/0x230\n[c0000000036332e0] [c000000000cef888] driver_probe_device+0x58/0x120\n[c000000003633320] [c000000000cefa6c] __device_attach_driver+0x11c/0x1e0\n[c0000000036333a0] [c000000000cebc58] bus_for_each_drv+0xa8/0x130\n[c000000003633400] [c000000000ceefcc] __device_attach+0x15c/0x250\n[c0000000036334a0] [c000000000ced458] bus_probe_device+0x108/0x110\n[c0000000036334f0] [c000000000ce92dc] device_add+0x7fc/0xa10\n[c0000000036335b0] [c000000000d447c8] devm_create_dev_dax+0x1d8/0x530\n[c000000003633640] [c000000000d46b60] __dax_pmem_probe+0x200/0x270\n[c0000000036337b0] [c000000000d46bf0] dax_pmem_probe+0x20/0x70\n[c0000000036337d0] [c000000000d2279c] nvdimm_bus_probe+0xac/0x2b0\n[c000000003633860] [c000000000cef27c] really_probe+0x19c/0x520\n[c0000000036338f0] [c000000000cef6b4] __driver_probe_device+0xb4/0x230\n[c000000003633970] [c000000000cef888] driver_probe_device+0x58/0x120\n[c0000000036339b0] [c000000000cefd08] __driver_attach+0x1d8/0x240\n[c000000003633a30] [c000000000cebb04] bus_for_each_dev+0xb4/0x130\n[c000000003633a90] [c000000000cee564] driver_attach+0x34/0x50\n[c000000003633ab0] [c000000000ced878] bus_add_driver+0x218/0x300\n[c000000003633b40] [c000000000cf1144] driver_register+0xa4/0x1b0\n[c000000003633bb0] [c000000000d21a0c] __nd_driver_register+0x5c/0x100\n[c000000003633c10] [c00000000206a2e8] dax_pmem_init+0x34/0x48\n[c000000003633c30] [c0000000000132d0] do_one_initcall+0x60/0x320\n[c000000003633d00] [c0000000020051b0] kernel_init_freeable+0x360/0x400\n[c000000003633de0] [c000000000013764] kernel_init+0x34/0x1d0\n[c000000003633e50] [c00000000000de14] ret_from_kernel_thread+0x5c/0x64"
}
],
"id": "CVE-2023-53706",
"lastModified": "2025-10-22T21:12:48.953",
"metrics": {},
"published": "2025-10-22T14:15:45.197",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/87a7ae75d7383afa998f57656d1d14e2a730cc47"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/8f4603588acf5807aa1f1b4b1ea2b0365acd71f0"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}