In the Linux kernel, the following vulnerability has been resolved:
net: wwan: t7xx: Split 64bit accesses to fix alignment issues
Some of the registers are aligned on a 32bit boundary, causing alignment faults on 64bit platforms.
Unable to handle kernel paging request at virtual address ffffffc084a1d004 Mem abort info: ESR = 0x0000000096000061 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x21: alignment fault Data abort info: ISV = 0, ISS = 0x00000061, ISS2 = 0x00000000 CM = 0, WnR = 1, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ad6000 [ffffffc084a1d004] pgd=100000013ffff003, p4d=100000013ffff003, pud=100000013ffff003, pmd=0068000020a00711 Internal error: Oops: 0000000096000061 [#1] SMP Modules linked in: mtkt7xx(+) qcserial pppoe pppasync option nftfibinet nfflowtableinet mt7921u(O) mt7921s(O) mt7921e(O) mt7921common(O) iwlmvm(O) iwldvm(O) usbwwan rndishost qmiwwan pppox pppgeneric nftrejectipv6 nftrejectipv4 nftrejectinet nftreject nftredir nftquota nftnumgen nftnat nftmasq nftlog nftlimit nfthash nftflowoffload nftfibipv6 nftfibipv4 nftfib nftct nftchainnat nftables nfnat nfflowtable nfconntrack mt7996e(O) mt792xusb(O) mt792xlib(O) mt7915e(O) mt76usb(O) mt76sdio(O) mt76connaclib(O) mt76(O) mac80211(O) iwlwifi(O) huaweicdcncm cfg80211(O) cdcncm cdcether wwan usbserial usbnet slhc sfp rtcpcf8563 nfnetlink nfrejectipv6 nfrejectipv4 nflogsyslog nfdefragipv6 nfdefragipv4 mt6577auxadc mdioi2c libcrc32c compat(O) cdcwdm cdcacm at24 cryptosafexcel pwmfan i2cgpio i2csmbus industrialio i2calgobit i2cmuxreg i2cmuxpca954x i2cmuxpca9541 i2cmuxgpio i2cmux dummy oidregistry tun sha512arm64 sha1ce sha1generic seqiv md5 geniv desgeneric libdes cbc authencesn authenc ledsgpio xhciplathcd xhcipci xhcimtkhcd xhcihcd nvme nvmecore gpiobuttonhotplug(O) dmmirror dmregionhash dmlog dmcrypt dmmod dax usbcore usbcommon ptp aquantia ppscore mii tpm encryptedkeys trusted CPU: 3 PID: 5266 Comm: kworker/u9:1 Tainted: G O 6.6.22 #0 Hardware name: Bananapi BPI-R4 (DT) Workqueue: mdhkwq t7xxfsmuninit [mtkt7xx] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : t7xxcldmahwsetstartaddr+0x1c/0x3c [mtkt7xx] lr : t7xxcldmastart+0xac/0x13c [mtkt7xx] sp : ffffffc085d63d30 x29: ffffffc085d63d30 x28: 0000000000000000 x27: 0000000000000000 x26: 0000000000000000 x25: ffffff80c804f2c0 x24: ffffff80ca196c05 x23: 0000000000000000 x22: ffffff80c814b9b8 x21: ffffff80c814b128 x20: 0000000000000001 x19: ffffff80c814b080 x18: 0000000000000014 x17: 0000000055c9806b x16: 000000007c5296d0 x15: 000000000f6bca68 x14: 00000000dbdbdce4 x13: 000000001aeaf72a x12: 0000000000000001 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : ffffff80ca1ef6b4 x7 : ffffff80c814b818 x6 : 0000000000000018 x5 : 0000000000000870 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 000000010a947000 x1 : ffffffc084a1d004 x0 : ffffffc084a1d004 Call trace: t7xxcldmahwsetstartaddr+0x1c/0x3c [mtkt7xx] t7xxfsmuninit+0x578/0x5ec [mtkt7xx] processonework+0x154/0x2a0 workerthread+0x2ac/0x488 kthread+0xe0/0xec retfromfork+0x10/0x20 Code: f9400800 91001000 8b214001 d50332bf (f9000022) ---[ end trace 0000000000000000 ]---
The inclusion of io-64-nonatomic-lo-hi.h indicates that all 64bit accesses can be replaced by pairs of nonatomic 32bit access. Fix alignment by forcing all accesses to be 32bit on 64bit platforms.