CVE-2021-47189

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-47189

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47189.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-47189

Related

Published

2024-04-10T19:15:47Z

Modified

2024-09-18T03:17:22.239238Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix memory ordering between normal and ordered work functions

Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORKDONEBIT, unfortunately the used bitops don't guarantee any ordering whatsoever.

This manifested as seemingly inexplicable crashes on ARM64, where asyncchunk::inode is seen as non-null in asynccowsubmit which causes submitcompressedextents to be called and crash occurs because asyncchunk::inode suddenly became NULL. The call trace was similar to:

pc : submit_compressed_extents+0x38/0x3d0
lr : async_cow_submit+0x50/0xd0
sp : ffff800015d4bc20

&lt;registers omitted for brevity>

Call trace:
 submit_compressed_extents+0x38/0x3d0
 async_cow_submit+0x50/0xd0
 run_ordered_work+0xc8/0x280
 btrfs_work_helper+0x98/0x250
 process_one_work+0x1f0/0x4ac
 worker_thread+0x188/0x504
 kthread+0x110/0x114
 ret_from_fork+0x10/0x18

Fix this by adding respective barrier calls which ensure that all accesses preceding setting of WORKDONEBIT are strictly ordered before setting the flag. At the same time add a read barrier after reading of WORKDONEBIT in runorderedwork which ensures all subsequent loads would be strictly ordered after reading the bit. This in turn ensures are all accesses before WORKDONEBIT are going to be strictly ordered before any access that can occur in ordered_func.

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.84-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}