[SRU][F 0/2][J 0/1][PATCH] CVE-2024-38553, CVE-2024-38597

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Mon Nov 18 16:53:48 UTC 2024 

[Impact]

eth: sungem: remove .ndo_poll_controller to avoid deadlocks

Erhard reports netpoll warnings from sungem:

  netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398)
  WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c

gem_poll_controller() disables interrupts, which may sleep.
We can't sleep in netpoll, it has interrupts disabled completely.
Strangely, gem_poll_controller() doesn't even poll the completions,
and instead acts as if an interrupt has fired so it just schedules
NAPI and exits. None of this has been necessary for years, since
netpoll invokes NAPI directly.

net: fec: remove .ndo_poll_controller to avoid deadlocks

There is a deadlock issue found in sungem driver.
The root cause of the issue is that netpoll is in atomic
context and disable_irq() is called by .ndo_poll_controller interface
of sungem driver, however, disable_irq() might sleep. After analyzing
the implementation of fec_poll_controller(), the fec driver should have
the same issue. Due to the fec driver uses NAPI for TX completions, the
.ndo_poll_controller is unnecessary to be implemented in the fec driver,
so fec_poll_controller() can be safely removed.

[Fix]

Noble: 	Fixed
Jammy: 	Backported only the fix for CVE-2024-38553 since Jammy is not
	affected by CVE-2024-38597
Focal: 	Backported the fix commits for both CVE-2024-38553 and CVE-2024-38597
Bionic: Sent to ESM ML
Xenial: Sent to ESM ML

[Test Case]

Compile tested only.

[Where problems could occur]

The fix affects both the ethernet sungem driver and the freescale fec driver.
An issue with this fix may lead to system instability when interacting with
both of them, potentially disrupting network connectivity.

[Note]

The patches for CVE-2024-38553 and CVE-2024-38597 have been grouped
together since they solve the same problem but in two different drivers,
moreover the share the same prereqs.

Jakub Kicinski (1):
  eth: sungem: remove .ndo_poll_controller to avoid deadlocks

Wei Fang (1):
  net: fec: remove .ndo_poll_controller to avoid deadlocks

 drivers/net/ethernet/freescale/fec_main.c | 26 -----------------------
 drivers/net/ethernet/sun/sungem.c         | 14 ------------
 2 files changed, 40 deletions(-)

-- 
2.43.0

More information about the kernel-team mailing list