CVE-2022-48840

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-48840

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48840.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-48840

Related

Published

2024-07-16T13:15:11Z

Modified

2024-09-18T01:00:22Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

iavf: Fix hang during reboot/shutdown

Recent commit 974578017fc1 ("iavf: Add waiting so the port is initialized in remove") adds a wait-loop at the beginning of iavfremove() to ensure that port initialization is finished prior unregistering net device. This causes a regression in reboot/shutdown scenario because in this case callback iavfshutdown() is called and this callback detaches the device, makes it down if it is running and sets its state to _IAVFREMOVE. Later shutdown callback of associated PF driver (e.g. iceshutdown) is called. That callback calls among other things sriovdisable() that calls indirectly iavfremove() (see stack trace below). As the adapter state is already _IAVF_REMOVE then the mentioned loop is end-less and shutdown process hangs.

The patch fixes this by checking adapter's state at the beginning of iavf_remove() and skips the rest of the function if the adapter is already in remove state (shutdown is in progress).

Reproducer: 1. Create VF on PF driven by ice or i40e driver 2. Ensure that the VF is bound to iavf driver 3. Reboot

[52625.981294] sysrq: SysRq : Show Blocked State [52625.988377] task:reboot state:D stack: 0 pid:17359 ppid: 1 f2 [52625.996732] Call Trace: [52625.999187] _schedule+0x2d1/0x830 [52626.007400] schedule+0x35/0xa0 [52626.010545] schedulehrtimeoutrangeclock+0x83/0x100 [52626.020046] usleeprange+0x5b/0x80 [52626.023540] iavfremove+0x63/0x5b0 [iavf] [52626.027645] pcideviceremove+0x3b/0xc0 [52626.031572] devicereleasedriverinternal+0x103/0x1f0 [52626.036805] pcistopbusdevice+0x72/0xa0 [52626.040904] pcistopandremovebusdevice+0xe/0x20 [52626.045870] pciiovremovevirtfn+0xba/0x120 [52626.050232] sriovdisable+0x2f/0xe0 [52626.053813] icefreevfs+0x7c/0x340 [ice] [52626.057946] iceremove+0x220/0x240 [ice] [52626.061967] iceshutdown+0x16/0x50 [ice] [52626.065987] pcideviceshutdown+0x34/0x60 [52626.070086] deviceshutdown+0x165/0x1c5 [52626.074011] kernelrestart+0xe/0x30 [52626.077593] _dosysreboot+0x1d2/0x210 [52626.093815] dosyscall64+0x5b/0x1a0 [52626.097483] entrySYSCALL64afterhwframe+0x65/0xca

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}