From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: CVE-2024-26788: dmaengine: fsl-qdma: init irq after reg initialization
Date: Thu, 4 Apr 2024 10:23:05 +0200 [thread overview]
Message-ID: <2024040400-CVE-2024-26788-1f84@gregkh> (raw)
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: init irq after reg initialization
Initialize the qDMA irqs after the registers are configured so that
interrupts that may have been pending from a primary kernel don't get
processed by the irq handler before it is ready to and cause panic with
the following trace:
Call trace:
fsl_qdma_queue_handler+0xf8/0x3e8
__handle_irq_event_percpu+0x78/0x2b0
handle_irq_event_percpu+0x1c/0x68
handle_irq_event+0x44/0x78
handle_fasteoi_irq+0xc8/0x178
generic_handle_irq+0x24/0x38
__handle_domain_irq+0x90/0x100
gic_handle_irq+0x5c/0xb8
el1_irq+0xb8/0x180
_raw_spin_unlock_irqrestore+0x14/0x40
__setup_irq+0x4bc/0x798
request_threaded_irq+0xd8/0x190
devm_request_threaded_irq+0x74/0xe8
fsl_qdma_probe+0x4d4/0xca8
platform_drv_probe+0x50/0xa0
really_probe+0xe0/0x3f8
driver_probe_device+0x64/0x130
device_driver_attach+0x6c/0x78
__driver_attach+0xbc/0x158
bus_for_each_dev+0x5c/0x98
driver_attach+0x20/0x28
bus_add_driver+0x158/0x220
driver_register+0x60/0x110
__platform_driver_register+0x44/0x50
fsl_qdma_driver_init+0x18/0x20
do_one_initcall+0x48/0x258
kernel_init_freeable+0x1a4/0x23c
kernel_init+0x10/0xf8
ret_from_fork+0x10/0x18
The Linux kernel CVE team has assigned CVE-2024-26788 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.1 with commit b092529e0aa0 and fixed in 5.4.271 with commit 3cc5fb824c21
Issue introduced in 5.1 with commit b092529e0aa0 and fixed in 5.10.212 with commit 9579a21e99fe
Issue introduced in 5.1 with commit b092529e0aa0 and fixed in 5.15.151 with commit 4529c084a320
Issue introduced in 5.1 with commit b092529e0aa0 and fixed in 6.1.81 with commit 474d521da890
Issue introduced in 5.1 with commit b092529e0aa0 and fixed in 6.6.21 with commit a69c8bbb9469
Issue introduced in 5.1 with commit b092529e0aa0 and fixed in 6.7.9 with commit 677102a93064
Issue introduced in 5.1 with commit b092529e0aa0 and fixed in 6.8 with commit 87a39071e0b6
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-26788
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/dma/fsl-qdma.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478
https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1
https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b
https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99
https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d
https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8
https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd
reply other threads:[~2024-04-04 8:24 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024040400-CVE-2024-26788-1f84@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=cve@kernel.org \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).