In the Linux kernel, the following vulnerability has been resolved:
powerpc/kasan: Fix addr error caused by page alignment
In kasan_init_region(), when k_start is not page aligned, at the beginning of
the for loop k_cur = k_start & PAGE_MASK is less than k_start, and then
    va = block + k_cur - k_start
is less than block. That addr va is invalid, because the memory from va up
to block was not allocated by memblock_alloc() and so will not be reserved
by memblock_reserve() later; it will be used by other places.
As a result, memory overwriting occurs.
for example:

    int __init __weak kasan_init_region(void *start, size_t size)
    {
        [...]
        /* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */
        block = memblock_alloc(k_end - k_start, PAGE_SIZE);
        [...]
        for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {
            /* at the begin of for loop
             * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)
             * va(dcd96c00) is less than block(dcd97000), va is invalid
             */
            void *va = block + k_cur - k_start;
            [...]
        }
        [...]
    }
Therefore, k_start is page-aligned before memblock_alloc() is called, so that the allocation covers the whole first page and every va computed in the loop is valid.
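The arithmetic behind this bug can be reproduced without touching the kernel. The following C program is an added model, not code from the kernel or from this advisory: it takes the three addresses quoted above as constructed inputs, assumes 4 KiB pages (PAGE_SHIFT 12, as on the 32-bit powerpc configuration the advisory describes), and computes the va each loop iteration would hand to the page table, first as the unpatched code does and then with k_start aligned before the block size is computed. Nothing is allocated or mapped; the point is to show that the first iteration lands one page slack below block and that the fix makes the slack part of the allocation.

```c
#include <stdio.h>

/* Assumed page geometry (4 KiB pages), matching the values in the advisory. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))

/* Model of the loop body in kasan_init_region(): 'block' stands in for the
 * value memblock_alloc() would return; only the address is computed. */
static unsigned long shadow_va(unsigned long block, unsigned long k_start,
                               unsigned long k_cur)
{
    return block + k_cur - k_start;
}

/* va handed out on the first loop iteration. With align_first set, k_start is
 * page-aligned beforehand, which is the fix described in the advisory. */
unsigned long first_va(unsigned long block, unsigned long k_start,
                       int align_first)
{
    if (align_first)
        k_start &= PAGE_MASK;
    return shadow_va(block, k_start, k_start & PAGE_MASK);
}

/* Count loop iterations whose va falls outside [block, block + size), where
 * size is exactly what would be passed to memblock_alloc(k_end - k_start, ...). */
int count_out_of_block(unsigned long block, unsigned long k_start,
                       unsigned long k_end, int align_first)
{
    unsigned long k_cur, size, va;
    int bad = 0;

    if (align_first)
        k_start &= PAGE_MASK;
    size = k_end - k_start;
    for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {
        va = shadow_va(block, k_start, k_cur);
        if (va < block || va >= block + size)
            bad++;
    }
    return bad;
}

int main(void)
{
    /* Constructed inputs: the addresses quoted in the advisory. */
    const unsigned long block = 0xdcd97000UL;
    const unsigned long k_start = 0xfeef7400UL;
    const unsigned long k_end = 0xfeeff3feUL;

    printf("unpatched: first va %08lx (block %08lx), %d iteration(s) outside block\n",
           first_va(block, k_start, 0), block,
           count_out_of_block(block, k_start, k_end, 0));
    printf("aligned:   first va %08lx (block %08lx), %d iteration(s) outside block\n",
           first_va(block, k_start, 1), block,
           count_out_of_block(block, k_start, k_end, 1));
    return 0;
}
```

In the unpatched case the first va is 0x400 bytes (k_start's offset within its page) below block, exactly the dcd96c00 the advisory quotes; aligning k_start first grows the requested size by that same 0x400 so the loop's first va equals block and no iteration leaves the allocation.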