CVE-2024-26947

In the Linux kernel, the following vulnerability has been resolved:

ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses

Since commit a4d5613c4dc6 ("arm: extend pfnvalid to take into account freed memory map alignment") changes the semantics of pfnvalid() to check presence of the memory map for a PFN. A valid page for an address which is reserved but not mapped by the kernel[1], the system crashed during some uio test with the following memory layout:

node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff] node 0: [mem 0x00000000d0000000-0x00000000da1fffff] the uio layout is：0xc0900000, 0x100000

the crash backtrace like:

Unable to handle kernel paging request at virtual address bff00000 [...] CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1 Hardware name: Generic DT based system PC is at b15flushkerndcachearea+0x24/0x3c LR is at __syncicachedcache+0x6c/0x98 [...] (b15flushkerndcachearea) from (__syncicachedcache+0x6c/0x98) (__syncicachedcache) from (setpteat+0x28/0x54) (setpteat) from (remappfnrange+0x1a0/0x274) (remappfnrange) from (uiommap+0x184/0x1b8 [uio]) (uiommap [uio]) from (__mmap_region+0x264/0x5f4) (__mmap_region) from (__dommapmm+0x3ec/0x440) (__dommapmm) from (dommap+0x50/0x58) (dommap) from (vmmmappgoff+0xfc/0x188) (vmmmappgoff) from (ksysmmappgoff+0xac/0xc4) (ksysmmappgoff) from (retfastsyscall+0x0/0x5c) Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e) ---[ end trace 09cf0734c3805d52 ]--- Kernel panic - not syncing: Fatal exception

So check if PG_reserved was set to solve this issue.