CVE-2024-26713

In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add When a PCI
device is dynamically added, the kernel oopses with a NULL pointer
dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030
Faulting instruction address: 0xc0000000006bbe5c Oops: Kernel access of bad
area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4
dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat
nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm
ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi
scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core
pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw
sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto
pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse CPU: 17
PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66 Hardware name:
IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008)
hv:phyp pSeries NIP: c0000000006bbe5c LR: c000000000a13e68 CTR:
c0000000000579f8 REGS: c00000009924f240 TRAP: 0300 Not tainted
(6.7.0-203405+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002220
XER: 20040006 CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000
IRQMASK: 0 … NIP sysfs_add_link_to_group+0x34/0x94 LR
iommu_device_link+0x5c/0x118 Call Trace: iommu_init_device+0x26c/0x318
(unreliable) iommu_device_link+0x5c/0x118 iommu_init_device+0xa8/0x318
iommu_probe_device+0xc0/0x134 iommu_bus_notifier+0x44/0x104
notifier_call_chain+0xb8/0x19c blocking_notifier_call_chain+0x64/0x98
bus_notify+0x50/0x7c device_add+0x640/0x918 pci_device_add+0x23c/0x298
of_create_pci_dev+0x400/0x884 of_scan_pci_dev+0x124/0x1b0
__of_scan_bus+0x78/0x18c pcibios_scan_phb+0x2a4/0x3b0
init_phb_dynamic+0xb8/0x110 dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]
add_slot_store.part.0+0xb4/0x130 [rpadlpar_io] kobj_attr_store+0x2c/0x48
sysfs_kf_write+0x64/0x78 kernfs_fop_write_iter+0x1b0/0x290
vfs_write+0x350/0x4a0 ksys_write+0x84/0x140
system_call_exception+0x124/0x330 system_call_vectored_common+0x15c/0x2ec
Commit a940904443e4 (“powerpc/iommu: Add iommu_ops to report capabilities
and allow blocking domains”) broke DLPAR add of PCI devices. The above
added iommu_device structure to pci_controller. During system boot, PCI
devices are discovered and this newly added iommu_device structure is
initialized by a call to iommu_device_register(). During DLPAR add of a PCI
device, a new pci_controller structure is allocated but there are no calls
made to iommu_device_register() interface. Fix is to register the iommu
device during DLPAR add as well. [mpe: Trim oops and tweak some change log
wording]