| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: entry: always set GIC_PRIO_PSR_I_SET during entry\n\nZenghui reports that booting a kernel with \"irqchip.gicv3_pseudo_nmi=1\"\non the command line hits a warning during kernel entry, due to the way\nwe manipulate the PMR.\n\nEarly in the entry sequence, we call lockdep_hardirqs_off() to inform\nlockdep that interrupts have been masked (as the HW sets DAIF wqhen\nentering an exception). Architecturally PMR_EL1 is not affected by\nexception entry, and we don't set GIC_PRIO_PSR_I_SET in the PMR early in\nthe exception entry sequence, so early in exception entry the PMR can\nindicate that interrupts are unmasked even though they are masked by\nDAIF.\n\nIf DEBUG_LOCKDEP is selected, lockdep_hardirqs_off() will check that\ninterrupts are masked, before we set GIC_PRIO_PSR_I_SET in any of the\nexception entry paths, and hence lockdep_hardirqs_off() will WARN() that\nsomething is amiss.\n\nWe can avoid this by consistently setting GIC_PRIO_PSR_I_SET during\nexception entry so that kernel code sees a consistent environment. We\nmust also update local_daif_inherit() to undo this, as currently only\ntouches DAIF. For other paths, local_daif_restore() will update both\nDAIF and the PMR. With this done, we can remove the existing special\ncases which set this later in the entry code.\n\nWe always use (GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET) for consistency with\nlocal_daif_save(), as this will warn if it ever encounters\n(GIC_PRIO_IRQOFF | GIC_PRIO_PSR_I_SET), and never sets this itself. This\nmatches the gic_prio_kentry_setup that we have to retain for\nret_to_user.\n\nThe original splat from Zenghui's report was:\n\n| DEBUG_LOCKS_WARN_ON(!irqs_disabled())\n| WARNING: CPU: 3 PID: 125 at kernel/locking/lockdep.c:4258 lockdep_hardirqs_off+0xd4/0xe8\n| Modules linked in:\n| CPU: 3 PID: 125 Comm: modprobe Tainted: G W 5.12.0-rc8+ #463\n| Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n| pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO BTYPE=--)\n| pc : lockdep_hardirqs_off+0xd4/0xe8\n| lr : lockdep_hardirqs_off+0xd4/0xe8\n| sp : ffff80002a39bad0\n| pmr_save: 000000e0\n| x29: ffff80002a39bad0 x28: ffff0000de214bc0\n| x27: ffff0000de1c0400 x26: 000000000049b328\n| x25: 0000000000406f30 x24: ffff0000de1c00a0\n| x23: 0000000020400005 x22: ffff8000105f747c\n| x21: 0000000096000044 x20: 0000000000498ef9\n| x19: ffff80002a39bc88 x18: ffffffffffffffff\n| x17: 0000000000000000 x16: ffff800011c61eb0\n| x15: ffff800011700a88 x14: 0720072007200720\n| x13: 0720072007200720 x12: 0720072007200720\n| x11: 0720072007200720 x10: 0720072007200720\n| x9 : ffff80002a39bad0 x8 : ffff80002a39bad0\n| x7 : ffff8000119f0800 x6 : c0000000ffff7fff\n| x5 : ffff8000119f07a8 x4 : 0000000000000001\n| x3 : 9bcdab23f2432800 x2 : ffff800011730538\n| x1 : 9bcdab23f2432800 x0 : 0000000000000000\n| Call trace:\n| lockdep_hardirqs_off+0xd4/0xe8\n| enter_from_kernel_mode.isra.5+0x7c/0xa8\n| el1_abort+0x24/0x100\n| el1_sync_handler+0x80/0xd0\n| el1_sync+0x6c/0x100\n| __arch_clear_user+0xc/0x90\n| load_elf_binary+0x9fc/0x1450\n| bprm_execve+0x404/0x880\n| kernel_execve+0x180/0x188\n| call_usermodehelper_exec_async+0xdc/0x158\n| ret_from_fork+0x10/0x18" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/arm64/include/asm/daifflags.h", |
| "arch/arm64/kernel/entry-common.c", |
| "arch/arm64/kernel/entry.S" |
| ], |
| "versions": [ |
| { |
| "version": "23529049c68423820487304f244144e0d576e85a", |
| "lessThan": "51524fa8b5f7b879ba569227738375d283b79382", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "23529049c68423820487304f244144e0d576e85a", |
| "lessThan": "e67a83f078005461b59b4c776e6b5addd11725fa", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "23529049c68423820487304f244144e0d576e85a", |
| "lessThan": "d8d52005f57bbb4a4ec02f647e2555d327135c68", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "23529049c68423820487304f244144e0d576e85a", |
| "lessThan": "4d6a38da8e79e94cbd1344aa90876f0f805db705", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/arm64/include/asm/daifflags.h", |
| "arch/arm64/kernel/entry-common.c", |
| "arch/arm64/kernel/entry.S" |
| ], |
| "versions": [ |
| { |
| "version": "5.10", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.10", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.38", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.11.22", |
| "lessThanOrEqual": "5.11.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.12.5", |
| "lessThanOrEqual": "5.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "5.10.38" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "5.11.22" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "5.12.5" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "5.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/51524fa8b5f7b879ba569227738375d283b79382" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/e67a83f078005461b59b4c776e6b5addd11725fa" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d8d52005f57bbb4a4ec02f647e2555d327135c68" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/4d6a38da8e79e94cbd1344aa90876f0f805db705" |
| } |
| ], |
| "title": "arm64: entry: always set GIC_PRIO_PSR_I_SET during entry", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2021-46997", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
