DEBIAN-CVE-2022-49605

In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGCREMOVED logic and implement it properly The initially merged version of the igc driver code (via commit 146740f9abc4, "igc: Add support for PF") contained the following IGCREMOVED checks in the igcrd32/wr32() MMIO accessors: u32 igcrd32(struct igc_hw *hw, u32 reg) { u8 __iomem hwaddr = READONCE(hw->hwaddr); u32 value = 0; if (IGCREMOVED(hwaddr)) return ~value; value = readl(&hwaddr[reg]); / reads should not return all F's / if (!(~value) && (!reg || !(~readl(hwaddr)))) hw->hwaddr = NULL; return value; } And: #define wr32(reg, val) \ do { \ u8 _iomem *hwaddr = READONCE((hw)->hwaddr); \ if (!IGCREMOVED(hwaddr)) \ writel((val), &hwaddr[(reg)]); \ } while (0) E.g. igb has similar checks in its MMIO accessors, and has a similar macro E1000REMOVED, which is implemented as follows: #define E1000REMOVED(h) unlikely(!(h)) These checks serve to detect and take note of an 0xffffffff MMIO read return from the device, which can be caused by a PCIe link flap or some other kind of PCI bus error, and to avoid performing MMIO reads and writes from that point onwards. However, the IGCREMOVED macro was not originally implemented: #ifndef IGCREMOVED #define IGCREMOVED(a) (0) #endif / IGCREMOVED */ This led to the IGCREMOVED logic to be removed entirely in a subsequent commit (commit 3c215fb18e70, "igc: remove IGCREMOVED function"), with the rationale that such checks matter only for virtualization and that igc does not support virtualization -- but a PCIe device can become detached even without virtualization being in use, and without proper checks, a PCIe bus error affecting an igc adapter will lead to various NULL pointer dereferences, as the first access after the error will set hw->hwaddr to NULL, and subsequent accesses will blindly dereference this now-NULL pointer. This patch reinstates the IGCREMOVED checks in igcrd32/wr32(), and implements IGCREMOVED the way it is done for igb, by checking for the unlikely() case of hwaddr being NULL. This change prevents the oopses seen when a PCIe link flap occurs on an igc adapter.