ACK: [SRU][F 0/2][J 0/1][PATCH] CVE-2024-38553, CVE-2024-38597

Yuxuan Luo yuxuan.luo at canonical.com
Wed Nov 20 19:14:42 UTC 2024


On Mon, Nov 18, 2024 at 05:53:48PM +0100, Massimiliano Pellizzer wrote:
Acked-by: Yuxuan Luo <yuxuan.luo at canonical.com>
> [Impact]
> 
> eth: sungem: remove .ndo_poll_controller to avoid deadlocks
> 
> Erhard reports netpoll warnings from sungem:
> 
>   netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398)
>   WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c
> 
> gem_poll_controller() disables interrupts, which may sleep.
> We can't sleep in netpoll, it has interrupts disabled completely.
> Strangely, gem_poll_controller() doesn't even poll the completions,
> and instead acts as if an interrupt has fired so it just schedules
> NAPI and exits. None of this has been necessary for years, since
> netpoll invokes NAPI directly.
> 
> net: fec: remove .ndo_poll_controller to avoid deadlocks
> 
> There is a deadlock issue found in sungem driver.
> The root cause of the issue is that netpoll is in atomic
> context and disable_irq() is called by .ndo_poll_controller interface
> of sungem driver, however, disable_irq() might sleep. After analyzing
> the implementation of fec_poll_controller(), the fec driver should have
> the same issue. Due to the fec driver uses NAPI for TX completions, the
> .ndo_poll_controller is unnecessary to be implemented in the fec driver,
> so fec_poll_controller() can be safely removed.
> 
> [Fix]
> 
> Noble: 	Fixed
> Jammy: 	Backported only the fix for CVE-2024-38553 since Jammy is not
> 	affected by CVE-2024-38597
> Focal: 	Backported the fix commits for both CVE-2024-38553 and CVE-2024-38597
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
> 
> [Test Case]
> 
> Compile tested only.
> 
> [Where problems could occur]
> 
> The fix affects both the ethernet sungem driver and the freescale fec driver.
> An issue with this fix may lead to system instability when interacting with
> both of them, potentially disrupting network connectivity.
> 
> [Note]
> 
> The patches for CVE-2024-38553 and CVE-2024-38597 have been grouped
> together since they solve the same problem but in two different drivers,
> moreover they share the same prereqs.
> 
> Jakub Kicinski (1):
>   eth: sungem: remove .ndo_poll_controller to avoid deadlocks
> 
> Wei Fang (1):
>   net: fec: remove .ndo_poll_controller to avoid deadlocks
> 
>  drivers/net/ethernet/freescale/fec_main.c | 26 -----------------------
>  drivers/net/ethernet/sun/sungem.c         | 14 ------------
>  2 files changed, 40 deletions(-)
> 
> -- 
> 2.43.0
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
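
An added example, not part of the original thread or of the kernel patches: a small audit script that finds `.ndo_poll_controller` handlers calling `disable_irq()`, the pattern both commit messages describe. The driver snippet, the `demo_*`/`other_*` names and the helper functions are constructed for illustration.

```python
import re

# Constructed sample in the shape the commit messages describe; it is not
# the actual sungem or fec source.
SAMPLE = r'''
static void demo_poll_controller(struct net_device *dev)
{
	struct demo_priv *p = netdev_priv(dev);

	disable_irq(p->irq);	/* may sleep, netpoll is atomic */
	demo_interrupt(p->irq, dev);
	enable_irq(p->irq);
}

static void other_poll_controller(struct net_device *dev)
{
	disable_irq_nosync(dev->irq);	/* does not wait for handlers */
	enable_irq(dev->irq);
}

static const struct net_device_ops demo_ops = {
	.ndo_poll_controller = demo_poll_controller,
};
static const struct net_device_ops other_ops = {
	.ndo_poll_controller = other_poll_controller,
};
'''

HOOK_RE = re.compile(r'\.ndo_poll_controller\s*=\s*(\w+)')


def function_body(src, name):
    """Return the brace-balanced body of C function `name`, or None.
    Braces inside strings or comments are not handled."""
    m = re.search(r'\b%s\s*\([^;{]*\)\s*\{' % re.escape(name), src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]


def sleeping_poll_controllers(src):
    """Names of .ndo_poll_controller handlers whose body calls disable_irq()."""
    return [name for name in HOOK_RE.findall(src)
            if re.search(r'\bdisable_irq\s*\(', function_body(src, name) or '')]


if __name__ == '__main__':
    print(sleeping_poll_controllers(SAMPLE))
```

Run over a driver file's contents, a non-empty result marks handlers worth reviewing against the same deadlock.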
