CVE-2021-47449

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47449
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47449.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47449
Related
Published
2024-05-22T07:15:10Z
Modified
2024-09-18T01:00:19Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: fix locking for Tx timestamp tracking flush

Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare for device removal.

This lock is problematic because it is being held around a call to iceclearphy_tstamp. The clear function takes a mutex to send a PHY write command to firmware. This could lead to a deadlock if the mutex actually sleeps, and causes the following warning on a kernel with preemption debugging enabled:

[ 715.419426] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:573 [ 715.427900] inatomic(): 1, irqsdisabled(): 0, nonblock: 0, pid: 3100, name: rmmod [ 715.435652] INFO: lockdep is turned off. [ 715.439591] Preemption disabled at: [ 715.439594] [<0000000000000000>] 0x0 [ 715.446678] CPU: 52 PID: 3100 Comm: rmmod Tainted: G W OE 5.15.0-rc4+ #42 bdd7ec3018e725f159ca0d372ce8c2c0e784891c [ 715.458058] Hardware name: Intel Corporation S2600STQ/S2600STQ, BIOS SE5C620.86B.02.01.0010.010620200716 01/06/2020 [ 715.468483] Call Trace: [ 715.470940] dumpstacklvl+0x6a/0x9a [ 715.474613] _mightsleep.cold+0x224/0x26a [ 715.478895] _mutexlock+0xb3/0x1440 [ 715.482569] ? stackdepotsave+0x378/0x500 [ 715.486763] ? icesqsendcmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.494979] ? kfree+0xc1/0x520 [ 715.498128] ? mutexlockionested+0x12a0/0x12a0 [ 715.502837] ? kasansetfreeinfo+0x20/0x30 [ 715.507110] ? _kasanslabfree+0x10b/0x140 [ 715.511385] ? slabfreefreelisthook+0xc7/0x220 [ 715.516092] ? kfree+0xc1/0x520 [ 715.519235] ? icedeinitlag+0x16c/0x220 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.527359] ? iceremove+0x1cf/0x6a0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.535133] ? pcideviceremove+0xab/0x1d0 [ 715.539318] ? _devicereleasedriver+0x35b/0x690 [ 715.544110] ? driverdetach+0x214/0x2f0 [ 715.548035] ? busremovedriver+0x11d/0x2f0 [ 715.552309] ? pciunregisterdriver+0x26/0x250 [ 715.556840] ? icemoduleexit+0xc/0x2f [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.564799] ? _dosysdeletemodule.constprop.0+0x2d8/0x4e0 [ 715.570554] ? dosyscall64+0x3b/0x90 [ 715.574303] ? entrySYSCALL64afterhwframe+0x44/0xae [ 715.579529] ? startflushwork+0x542/0x8f0 [ 715.583719] ? icesqsendcmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.591923] icesqsendcmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.599960] ? waitforcompletionio+0x250/0x250 [ 715.604662] ? lockacquire+0x196/0x200 [ 715.608504] ? dorawspintrylock+0xa5/0x160 [ 715.612864] icesbqrwreg+0x1e6/0x2f0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.620813] ? icereset+0x130/0x130 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.628497] ? _debugchecknoobjfreed+0x1e8/0x3c0 [ 715.633550] ? tracehardirqson+0x1c/0x130 [ 715.637748] icewritephyrege810+0x70/0xf0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.646220] ? dorawspintrylock+0xa5/0x160 [ 715.650581] ? iceptprelease+0x910/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.658797] ? iceptprelease+0x255/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.667013] iceclearphytstamp+0x2c/0x110 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.675403] iceptprelease+0x408/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.683440] iceremove+0x560/0x6a0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d] [ 715.691037] ? _rawspinunlockirqrestore+0x46/0x73 [ 715.696005] pcideviceremove+0xab/0x1d0 [ 715.700018] _devicereleasedriver+0x35b/0x690 [ 715.704637] driverdetach+0x214/0x2f0 [ 715.708389] busremovedriver+0x11d/0x2f0 [ 715.712489] pciunregisterdriver+0x26/0x250 [ 71 ---truncated---

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}