cve/published/2024/CVE-2024-43876.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-43876: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()

 Avoid large backtrace, it is sufficient to warn the user that there has
 been a link problem. Either the link has failed and the system is in need
 of maintenance, or the link continues to work and user has been informed.
 The message from the warning can be looked up in the sources.

 This makes an actual link issue less verbose.

 First of all, this controller has a limitation in that the controller
 driver has to assist the hardware with transition to L1 link state by
 writing L1IATN to PMCTRL register, the L1 and L0 link state switching
 is not fully automatic on this controller.

 In case of an ASMedia ASM1062 PCIe SATA controller which does not support
 ASPM, on entry to suspend or during platform pm_test, the SATA controller
 enters D3hot state and the link enters L1 state. If the SATA controller
 wakes up before rcar_pcie_wakeup() was called and returns to D0, the link
 returns to L0 before the controller driver even started its transition to
 L1 link state. At this point, the SATA controller did send an PM_ENTER_L1
 DLLP to the PCIe controller and the PCIe controller received it, and the
 PCIe controller did set PMSR PMEL1RX bit.

 Once rcar_pcie_wakeup() is called, if the link is already back in L0 state
 and PMEL1RX bit is set, the controller driver has no way to determine if
 it should perform the link transition to L1 state, or treat the link as if
 it is in L0 state. Currently the driver attempts to perform the transition
 to L1 link state unconditionally, which in this specific case fails with a
 PMSR L1FAEG poll timeout, however the link still works as it is already
 back in L0 state.

 Reduce this warning verbosity. In case the link is really broken, the
 rcar_pcie_config_access() would fail, otherwise it will succeed and any
 system with this controller and ASM1062 can suspend without generating
 a backtrace.

 The Linux kernel CVE team has assigned CVE-2024-43876 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.1.103 with commit 2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df
 	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.6.44 with commit 526a877c6273d4cd0d0aede84c1d620479764b1c
 	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.10.3 with commit 3ff3bdde950f1840df4030726cef156758a244d7
 	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.11 with commit c93637e6a4c4e1d0e85ef7efac78d066bbb24d96

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-43876
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/pci/controller/pcie-rcar-host.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df
 	https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c
 	https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7
 	https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-43876: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()

	Avoid large backtrace, it is sufficient to warn the user that there has
	been a link problem. Either the link has failed and the system is in need
	of maintenance, or the link continues to work and user has been informed.
	The message from the warning can be looked up in the sources.

	This makes an actual link issue less verbose.

	First of all, this controller has a limitation in that the controller
	driver has to assist the hardware with transition to L1 link state by
	writing L1IATN to PMCTRL register, the L1 and L0 link state switching
	is not fully automatic on this controller.

	In case of an ASMedia ASM1062 PCIe SATA controller which does not support
	ASPM, on entry to suspend or during platform pm_test, the SATA controller
	enters D3hot state and the link enters L1 state. If the SATA controller
	wakes up before rcar_pcie_wakeup() was called and returns to D0, the link
	returns to L0 before the controller driver even started its transition to
	L1 link state. At this point, the SATA controller did send an PM_ENTER_L1
	DLLP to the PCIe controller and the PCIe controller received it, and the
	PCIe controller did set PMSR PMEL1RX bit.

	Once rcar_pcie_wakeup() is called, if the link is already back in L0 state
	and PMEL1RX bit is set, the controller driver has no way to determine if
	it should perform the link transition to L1 state, or treat the link as if
	it is in L0 state. Currently the driver attempts to perform the transition
	to L1 link state unconditionally, which in this specific case fails with a
	PMSR L1FAEG poll timeout, however the link still works as it is already
	back in L0 state.

	Reduce this warning verbosity. In case the link is really broken, the
	rcar_pcie_config_access() would fail, otherwise it will succeed and any
	system with this controller and ASM1062 can suspend without generating
	a backtrace.

	The Linux kernel CVE team has assigned CVE-2024-43876 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.1.103 with commit 2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df
	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.6.44 with commit 526a877c6273d4cd0d0aede84c1d620479764b1c
	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.10.3 with commit 3ff3bdde950f1840df4030726cef156758a244d7
	Issue introduced in 5.18 with commit 84b576146294c2be702cfcd174eaa74167e276f9 and fixed in 6.11 with commit c93637e6a4c4e1d0e85ef7efac78d066bbb24d96

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-43876
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/pci/controller/pcie-rcar-host.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df
	https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c
	https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7
	https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96