cve/published/2021/CVE-2021-47019.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47019: mt76: mt7921: fix possible invalid register access

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 mt76: mt7921: fix possible invalid register access

 Disable the interrupt and synchronze for the pending irq handlers to ensure
 the irq tasklet is not being scheduled after the suspend to avoid the
 possible invalid register access acts when the host pcie controller is
 suspended.

 [17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs
 [17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 18565, parent: pci0000:00
 [17932.910602] pcieport 0000:00:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 8 usecs
 [17932.910671] mtk-pcie 11230000.pcie: calling platform_pm_suspend+0x0/0x60 @ 22783, parent: soc
 [17932.910674] mtk-pcie 11230000.pcie: platform_pm_suspend+0x0/0x60 returned 0 after 0 usecs

 ...

 17933.615352] x1 : 00000000000d4200 x0 : ffffff8269ca2300
 [17933.620666] Call trace:
 [17933.623127]  mt76_mmio_rr+0x28/0xf0 [mt76]
 [17933.627234]  mt7921_rr+0x38/0x44 [mt7921e]
 [17933.631339]  mt7921_irq_tasklet+0x54/0x1d8 [mt7921e]
 [17933.636309]  tasklet_action_common+0x12c/0x16c
 [17933.640754]  tasklet_action+0x24/0x2c
 [17933.644418]  __do_softirq+0x16c/0x344
 [17933.648082]  irq_exit+0xa8/0xac
 [17933.651224]  scheduler_ipi+0xd4/0x148
 [17933.654890]  handle_IPI+0x164/0x2d4
 [17933.658379]  gic_handle_irq+0x140/0x178
 [17933.662216]  el1_irq+0xb8/0x180
 [17933.665361]  cpuidle_enter_state+0xf8/0x204
 [17933.669544]  cpuidle_enter+0x38/0x4c
 [17933.673122]  do_idle+0x1a4/0x2a8
 [17933.676352]  cpu_startup_entry+0x24/0x28
 [17933.680276]  rest_init+0xd4/0xe0
 [17933.683508]  arch_call_rest_init+0x10/0x18
 [17933.687606]  start_kernel+0x340/0x3b4
 [17933.691279] Code: aa0003f5 d503201f f953eaa8 8b344108 (b9400113)
 [17933.697373] ---[ end trace a24b8e26ffbda3c5 ]---
 [17933.767846] Kernel panic - not syncing: Fatal exception in interrupt

 The Linux kernel CVE team has assigned CVE-2021-47019 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.12 with commit ffa1bf97425bd511b105ce769976e20a845a71e9 and fixed in 5.12.4 with commit b13cbc536990ff609afa878b6211cd6f6265ba60
 	Issue introduced in 5.12 with commit ffa1bf97425bd511b105ce769976e20a845a71e9 and fixed in 5.13 with commit fe3fccde8870764ba3e60610774bd7bc9f8faeff

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47019
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/wireless/mediatek/mt76/mt7921/pci.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b13cbc536990ff609afa878b6211cd6f6265ba60
 	https://git.kernel.org/stable/c/fe3fccde8870764ba3e60610774bd7bc9f8faeff
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47019: mt76: mt7921: fix possible invalid register access

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	mt76: mt7921: fix possible invalid register access

	Disable the interrupt and synchronze for the pending irq handlers to ensure
	the irq tasklet is not being scheduled after the suspend to avoid the
	possible invalid register access acts when the host pcie controller is
	suspended.

	[17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs
	[17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 18565, parent: pci0000:00
	[17932.910602] pcieport 0000:00:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 8 usecs
	[17932.910671] mtk-pcie 11230000.pcie: calling platform_pm_suspend+0x0/0x60 @ 22783, parent: soc
	[17932.910674] mtk-pcie 11230000.pcie: platform_pm_suspend+0x0/0x60 returned 0 after 0 usecs

	...

	17933.615352] x1 : 00000000000d4200 x0 : ffffff8269ca2300
	[17933.620666] Call trace:
	[17933.623127] mt76_mmio_rr+0x28/0xf0 [mt76]
	[17933.627234] mt7921_rr+0x38/0x44 [mt7921e]
	[17933.631339] mt7921_irq_tasklet+0x54/0x1d8 [mt7921e]
	[17933.636309] tasklet_action_common+0x12c/0x16c
	[17933.640754] tasklet_action+0x24/0x2c
	[17933.644418] __do_softirq+0x16c/0x344
	[17933.648082] irq_exit+0xa8/0xac
	[17933.651224] scheduler_ipi+0xd4/0x148
	[17933.654890] handle_IPI+0x164/0x2d4
	[17933.658379] gic_handle_irq+0x140/0x178
	[17933.662216] el1_irq+0xb8/0x180
	[17933.665361] cpuidle_enter_state+0xf8/0x204
	[17933.669544] cpuidle_enter+0x38/0x4c
	[17933.673122] do_idle+0x1a4/0x2a8
	[17933.676352] cpu_startup_entry+0x24/0x28
	[17933.680276] rest_init+0xd4/0xe0
	[17933.683508] arch_call_rest_init+0x10/0x18
	[17933.687606] start_kernel+0x340/0x3b4
	[17933.691279] Code: aa0003f5 d503201f f953eaa8 8b344108 (b9400113)
	[17933.697373] ---[ end trace a24b8e26ffbda3c5 ]---
	[17933.767846] Kernel panic - not syncing: Fatal exception in interrupt

	The Linux kernel CVE team has assigned CVE-2021-47019 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.12 with commit ffa1bf97425bd511b105ce769976e20a845a71e9 and fixed in 5.12.4 with commit b13cbc536990ff609afa878b6211cd6f6265ba60
	Issue introduced in 5.12 with commit ffa1bf97425bd511b105ce769976e20a845a71e9 and fixed in 5.13 with commit fe3fccde8870764ba3e60610774bd7bc9f8faeff

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47019
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/wireless/mediatek/mt76/mt7921/pci.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b13cbc536990ff609afa878b6211cd6f6265ba60
	https://git.kernel.org/stable/c/fe3fccde8870764ba3e60610774bd7bc9f8faeff