Message-ID: <2024062005-CVE-2021-47617-da02@gregkh>
Date: Thu, 20 Jun 2024 12:57:06 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2021-47617: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

The Power Fault Detected bit in the Slot Status register differs from
all other hotplug events in that it is sticky:  It can only be cleared
after turning off slot power.  Per PCIe r5.0, sec. 6.7.1.8:

  If a power controller detects a main power fault on the hot-plug slot,
  it must automatically set its internal main power fault latch [...].
  The main power fault latch is cleared when software turns off power to
  the hot-plug slot.

The stickiness used to cause interrupt storms and infinite loops which
were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault
interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable
software notification on empty slots").

Unfortunately in 2020 the infinite loop issue was inadvertently
reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt
race"):  The hardirq handler pciehp_isr() clears the PFD bit until
pciehp's power_fault_detected flag is set.  That happens in the IRQ
thread pciehp_ist(), which never learns of the event because the hardirq
handler is stuck in an infinite loop.  Fix by setting the
power_fault_detected flag already in the hardirq handler.

The Linux kernel CVE team has assigned CVE-2021-47617 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.19.149 with commit a8cc52270f3d and fixed in 4.19.233 with commit ff27f7d0333c
	Issue introduced in 5.4.69 with commit 4667358dab9c and fixed in 5.4.177 with commit 464da38ba827
	Issue introduced in 5.7 with commit 8edf5332c393 and fixed in 5.10.97 with commit 3b4c966fb156
	Issue introduced in 5.7 with commit 8edf5332c393 and fixed in 5.15.20 with commit 1db58c6584a7
	Issue introduced in 5.7 with commit 8edf5332c393 and fixed in 5.16.6 with commit 6d6f1f0dac3e
	Issue introduced in 5.7 with commit 8edf5332c393 and fixed in 5.17 with commit 23584c1ed3e1

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47617
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/pci/hotplug/pciehp_hpc.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/ff27f7d0333cff89ec85c419f431aca1b38fb16a
	https://git.kernel.org/stable/c/464da38ba827f670deac6500a1de9a4f0f44c41d
	https://git.kernel.org/stable/c/3b4c966fb156ff3e70b2526d964952ff7c1574d9
	https://git.kernel.org/stable/c/1db58c6584a72102e98af2e600ea184ddaf2b8af
	https://git.kernel.org/stable/c/6d6f1f0dac3e3441ecdb1103d4efb11b9ed24dd5
	https://git.kernel.org/stable/c/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12
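
The loop described in the Description section, as an added user-space model (not the kernel's code and not part of the original announcement): a sticky PFD bit keeps the hardirq re-read loop spinning until the power_fault_detected flag is set inside that loop. The names slot_model, sltsta_write, hardirq_model and MAX_PASSES, and the bit values used, are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SLTSTA_PFD 0x0002u /* Power Fault Detected: sticky while slot power is on */
#define SLTSTA_PDC 0x0008u /* Presence Detect Changed: ordinary write-1-to-clear */
#define MAX_PASSES 1000    /* the model's stand-in for "never terminates" */

struct slot_model {
	uint16_t sltsta;           /* modelled Slot Status register */
	bool power_on;             /* fault latch holds until power is turned off */
	bool power_fault_detected; /* driver flag named in the advisory */
};

/* Write-1-to-clear, except that PFD stays latched while slot power is on. */
static void sltsta_write(struct slot_model *s, uint16_t val)
{
	if (s->power_on)
		val &= (uint16_t)~SLTSTA_PFD;
	s->sltsta &= (uint16_t)~val;
}

/* Hardirq re-read loop; returns register reads used, or -1 if it never ends. */
static int hardirq_model(struct slot_model *s, bool fixed, uint16_t *events)
{
	*events = 0;
	for (int pass = 1; pass <= MAX_PASSES; pass++) {
		uint16_t status = s->sltsta & (SLTSTA_PFD | SLTSTA_PDC);
		if (s->power_fault_detected)
			status &= (uint16_t)~SLTSTA_PFD; /* already reported */
		else if (fixed && (status & SLTSTA_PFD))
			s->power_fault_detected = true;  /* fix: set in hardirq */
		*events |= status;
		if (!status)
			return pass;         /* nothing new: hand over to IRQ thread */
		sltsta_write(s, *events);    /* try to clear, then read again */
	}
	return -1;
}

int main(void)
{
	for (int fixed = 0; fixed <= 1; fixed++) {
		struct slot_model s = { SLTSTA_PFD | SLTSTA_PDC, true, false };
		uint16_t ev;
		int n = hardirq_model(&s, fixed, &ev);
		printf("fixed=%d reads=%d events=0x%04x flag=%d\n", fixed, n, ev, s.power_fault_detected);
	}
	return 0;
}
```

In the unfixed run the flag is never set because only the IRQ thread would set it, and the thread is never reached; in the fixed run the second read masks PFD and the loop exits with both events recorded.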
