CVE-2024-27057: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend - Greg Kroah-Hartman

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: CVE-2024-27057: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
Date: Wed,  1 May 2024 14:57:42 +0200	[thread overview]
Message-ID: <2024050116-CVE-2024-27057-c0fb@gregkh> (raw)

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend

When the system is suspended while audio is active, the
sof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during
suspend the DSP is turned off, streams will be re-started after resume.

If the firmware crashes during while audio is running (or when we reset
the stream before suspend) then the sof_ipc4_set_multi_pipeline_state()
will fail with IPC error and the state change is interrupted.
This will cause misalignment between the kernel and firmware state on next
DSP boot resulting errors returned by firmware for IPC messages, eventually
failing the audio resume.
On stream close the errors are ignored so the kernel state will be
corrected on the next DSP boot, so the second boot after the DSP panic.

If sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then
state parameter is SOF_IPC4_PIPE_RESET and only in this case.

Treat a forced pipeline reset similarly to how we treat a pcm_free by
ignoring error on state sending to allow the kernel's state to be
consistent with the state the firmware will have after the next boot.

The Linux kernel CVE team has assigned CVE-2024-27057 to this issue.

Affected and fixed versions
===========================

	Fixed in 6.6.23 with commit 3cac6eebea9b
	Fixed in 6.7.11 with commit d153e8b154f9
	Fixed in 6.8 with commit c40aad7c81e5

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-27057
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	sound/soc/sof/ipc4-pcm.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759
	https://git.kernel.org/stable/c/d153e8b154f9746ac969c85a4e6474760453647c
	https://git.kernel.org/stable/c/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2