cve/published/2024/CVE-2024-50157.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50157: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop

 Driver waits indefinitely for the fifo occupancy to go below a threshold
 as soon as the pacing interrupt is received. This can cause soft lockup on
 one of the processors, if the rate of DB is very high.

 Add a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th
 if the loop is taking more time. Pacing will be continuing until the
 occupancy is below the threshold. This is ensured by the checks in
 bnxt_re_pacing_timer_exp and further scheduling the work for pacing based
 on the fifo occupancy.

 The Linux kernel CVE team has assigned CVE-2024-50157 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.6 with commit 2ad4e6303a6d7518632739eaf67821a3553db1bd and fixed in 6.6.75 with commit 7998e7efd1d557af118ac96f48ebc569b929b555
 	Issue introduced in 6.6 with commit 2ad4e6303a6d7518632739eaf67821a3553db1bd and fixed in 6.11.6 with commit 2fb6b2e82413e401b72dfeacd7a60416fcfc5b41
 	Issue introduced in 6.6 with commit 2ad4e6303a6d7518632739eaf67821a3553db1bd and fixed in 6.12 with commit 8be3e5b0c96beeefe9d5486b96575d104d3e7d17

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50157
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/infiniband/hw/bnxt_re/main.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/7998e7efd1d557af118ac96f48ebc569b929b555
 	https://git.kernel.org/stable/c/2fb6b2e82413e401b72dfeacd7a60416fcfc5b41
 	https://git.kernel.org/stable/c/8be3e5b0c96beeefe9d5486b96575d104d3e7d17
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50157: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop

	Driver waits indefinitely for the fifo occupancy to go below a threshold
	as soon as the pacing interrupt is received. This can cause soft lockup on
	one of the processors, if the rate of DB is very high.

	Add a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th
	if the loop is taking more time. Pacing will be continuing until the
	occupancy is below the threshold. This is ensured by the checks in
	bnxt_re_pacing_timer_exp and further scheduling the work for pacing based
	on the fifo occupancy.

	The Linux kernel CVE team has assigned CVE-2024-50157 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.6 with commit 2ad4e6303a6d7518632739eaf67821a3553db1bd and fixed in 6.6.75 with commit 7998e7efd1d557af118ac96f48ebc569b929b555
	Issue introduced in 6.6 with commit 2ad4e6303a6d7518632739eaf67821a3553db1bd and fixed in 6.11.6 with commit 2fb6b2e82413e401b72dfeacd7a60416fcfc5b41
	Issue introduced in 6.6 with commit 2ad4e6303a6d7518632739eaf67821a3553db1bd and fixed in 6.12 with commit 8be3e5b0c96beeefe9d5486b96575d104d3e7d17

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50157
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/infiniband/hw/bnxt_re/main.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/7998e7efd1d557af118ac96f48ebc569b929b555
	https://git.kernel.org/stable/c/2fb6b2e82413e401b72dfeacd7a60416fcfc5b41
	https://git.kernel.org/stable/c/8be3e5b0c96beeefe9d5486b96575d104d3e7d17