[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024082137-CVE-2024-43876-793b@gregkh>
Date: Wed, 21 Aug 2024 08:07:40 +0800
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-43876: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
Avoid large backtrace, it is sufficient to warn the user that there has
been a link problem. Either the link has failed and the system is in need
of maintenance, or the link continues to work and user has been informed.
The message from the warning can be looked up in the sources.
This makes an actual link issue less verbose.
First of all, this controller has a limitation in that the controller
driver has to assist the hardware with transition to L1 link state by
writing L1IATN to PMCTRL register, the L1 and L0 link state switching
is not fully automatic on this controller.
In case of an ASMedia ASM1062 PCIe SATA controller which does not support
ASPM, on entry to suspend or during platform pm_test, the SATA controller
enters D3hot state and the link enters L1 state. If the SATA controller
wakes up before rcar_pcie_wakeup() was called and returns to D0, the link
returns to L0 before the controller driver even started its transition to
L1 link state. At this point, the SATA controller did send an PM_ENTER_L1
DLLP to the PCIe controller and the PCIe controller received it, and the
PCIe controller did set PMSR PMEL1RX bit.
Once rcar_pcie_wakeup() is called, if the link is already back in L0 state
and PMEL1RX bit is set, the controller driver has no way to determine if
it should perform the link transition to L1 state, or treat the link as if
it is in L0 state. Currently the driver attempts to perform the transition
to L1 link state unconditionally, which in this specific case fails with a
PMSR L1FAEG poll timeout, however the link still works as it is already
back in L0 state.
Reduce this warning verbosity. In case the link is really broken, the
rcar_pcie_config_access() would fail, otherwise it will succeed and any
system with this controller and ASM1062 can suspend without generating
a backtrace.
The Linux kernel CVE team has assigned CVE-2024-43876 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.18 with commit 84b576146294 and fixed in 6.1.103 with commit 2ae4769332df
Issue introduced in 5.18 with commit 84b576146294 and fixed in 6.6.44 with commit 526a877c6273
Issue introduced in 5.18 with commit 84b576146294 and fixed in 6.10.3 with commit 3ff3bdde950f
Issue introduced in 5.18 with commit 84b576146294 and fixed in 6.11-rc1 with commit c93637e6a4c4
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-43876
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/pci/controller/pcie-rcar-host.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df
https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c
https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7
https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96
Powered by blists - more mailing lists