APPLIED: [SRU][F 0/2][J 0/1][PATCH] CVE-2024-38553, CVE-2024-38597

Stefan Bader stefan.bader at canonical.com
Fri Nov 22 14:29:20 UTC 2024


On 18.11.24 17:53, Massimiliano Pellizzer wrote:
> [Impact]
> 
> eth: sungem: remove .ndo_poll_controller to avoid deadlocks
> 
> Erhard reports netpoll warnings from sungem:
> 
>    netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398)
>    WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c
> 
> gem_poll_controller() disables interrupts, which may sleep.
> We can't sleep in netpoll, it has interrupts disabled completely.
> Strangely, gem_poll_controller() doesn't even poll the completions,
> and instead acts as if an interrupt has fired so it just schedules
> NAPI and exits. None of this has been necessary for years, since
> netpoll invokes NAPI directly.
> 
> net: fec: remove .ndo_poll_controller to avoid deadlocks
> 
> There is a deadlock issue found in sungem driver.
> The root cause of the issue is that netpoll is in atomic
> context and disable_irq() is called by .ndo_poll_controller interface
> of sungem driver, however, disable_irq() might sleep. After analyzing
> the implementation of fec_poll_controller(), the fec driver should have
> the same issue. Because the fec driver uses NAPI for TX completions, the
> .ndo_poll_controller is unnecessary to be implemented in the fec driver,
> so fec_poll_controller() can be safely removed.
> 
> [Fix]
> 
> Noble: 	Fixed
> Jammy: 	Backported only the fix for CVE-2024-38553 since Jammy is not
> 	affected by CVE-2024-38597
> Focal: 	Backported the fix commits for both CVE-2024-38553 and CVE-2024-38597
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
> 
> [Test Case]
> 
> Compile tested only.
> 
> [Where problems could occur]
> 
> The fix affects both the ethernet sungem driver and the freescale fec driver.
> An issue with this fix may lead to system instability when interacting with
> both of them, potentially disrupting network connectivity.
> 
> [Note]
> 
> The patches for CVE-2024-38553 and CVE-2024-38597 have been grouped
> together since they solve the same problem but in two different drivers,
> moreover they share the same prereqs.
> 
> Jakub Kicinski (1):
>    eth: sungem: remove .ndo_poll_controller to avoid deadlocks
> 
> Wei Fang (1):
>    net: fec: remove .ndo_poll_controller to avoid deadlocks
> 
>   drivers/net/ethernet/freescale/fec_main.c | 26 -----------------------
>   drivers/net/ethernet/sun/sungem.c         | 14 ------------
>   2 files changed, 40 deletions(-)
> 

Applied to jammy,focal:linux/master-next. Thanks.

-Stefan
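
An added example, not part of the original message or of the kernel patches: a small Python audit that repeats, for any driver source text, the analysis the quoted cover letter describes (find the function wired to `.ndo_poll_controller` and check whether it calls `disable_irq()`). The sample driver text and all `demo_*` names are constructed for illustration.

```python
import re

# Constructed sample with the pattern the commit messages describe;
# it is not the real sungem or fec source.
SAMPLE_DRIVER = r'''
static void demo_poll_controller(struct net_device *dev)
{
	struct demo_priv *dp = netdev_priv(dev);

	disable_irq(dp->irq);
	demo_interrupt(dp->irq, dev);
	enable_irq(dp->irq);
}

static const struct net_device_ops demo_netdev_ops = {
#ifdef CONFIG_NET_POLL_CONTROLLER
	.ndo_poll_controller	= demo_poll_controller,
#endif
};
'''

HOOK_RE = re.compile(r'\.ndo_poll_controller\s*=\s*(\w+)')
# Matches disable_irq( only, not disable_irq_nosync(.
SLEEPY_RE = re.compile(r'\bdisable_irq\s*\(')


def function_body(source, name):
    """Return the brace-balanced body of function `name`, or None."""
    m = re.search(r'\b%s\s*\([^;{]*\)\s*\{' % re.escape(name), source)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(source)):
        depth += {'{': 1, '}': -1}.get(source[i], 0)
        if depth == 0:
            return source[m.end():i]
    return None


def risky_poll_controllers(source):
    """Names of .ndo_poll_controller handlers that call disable_irq()."""
    hits = []
    for name in HOOK_RE.findall(source):
        body = function_body(source, name)
        if body and SLEEPY_RE.search(body):
            hits.append(name)
    return hits
```

Calling `risky_poll_controllers()` on the contents of a driver file returns the handler names worth reviewing by hand; the brace matching is textual, so braces inside strings or comments can confuse it.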
