cve/published/2022/CVE-2022-49433.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49433: RDMA/hfi1: Prevent use of lock before it is initialized

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 RDMA/hfi1: Prevent use of lock before it is initialized

 If there is a failure during probe of hfi1 before the sdma_map_lock is
 initialized, the call to hfi1_free_devdata() will attempt to use a lock
 that has not been initialized. If the locking correctness validator is on
 then an INFO message and stack trace resembling the following may be seen:

   INFO: trying to register non-static key.
   The code is fine but needs lockdep annotation, or maybe
   you didn't initialize this object before use?
   turning off the locking correctness validator.
   Call Trace:
   register_lock_class+0x11b/0x880
   __lock_acquire+0xf3/0x7930
   lock_acquire+0xff/0x2d0
   _raw_spin_lock_irq+0x46/0x60
   sdma_clean+0x42a/0x660 [hfi1]
   hfi1_free_devdata+0x3a7/0x420 [hfi1]
   init_one+0x867/0x11a0 [hfi1]
   pci_device_probe+0x40e/0x8d0

 The use of sdma_map_lock in sdma_clean() is for freeing the sdma_map
 memory, and sdma_map is not allocated/initialized until after
 sdma_map_lock has been initialized. This code only needs to be run if
 sdma_map is not NULL, and so checking for that condition will avoid trying
 to use the lock before it is initialized.

 The Linux kernel CVE team has assigned CVE-2022-49433 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 4.19.247 with commit 66090815a24ce14cf51ef5453fc0218fe8a39bc2
 	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.4.198 with commit addb192000d8819c0b1553453994df9bb54c28db
 	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.10.121 with commit fc0750e659db7b315bf6348902cc8ca3cdd4b8d8
 	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.15.46 with commit ca55150bff5817af4f857a746ecab9862c23e12a
 	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.17.14 with commit 30eb275e7ed588270ae159cc590a96658e0cfd8f
 	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.18.3 with commit 288d198f50434f29b4a26a9de4394ae2305ad8af
 	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.19 with commit 05c03dfd09c069c4ffd783b47b2da5dcc9421f2c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49433
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/infiniband/hw/hfi1/sdma.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/66090815a24ce14cf51ef5453fc0218fe8a39bc2
 	https://git.kernel.org/stable/c/addb192000d8819c0b1553453994df9bb54c28db
 	https://git.kernel.org/stable/c/fc0750e659db7b315bf6348902cc8ca3cdd4b8d8
 	https://git.kernel.org/stable/c/ca55150bff5817af4f857a746ecab9862c23e12a
 	https://git.kernel.org/stable/c/30eb275e7ed588270ae159cc590a96658e0cfd8f
 	https://git.kernel.org/stable/c/288d198f50434f29b4a26a9de4394ae2305ad8af
 	https://git.kernel.org/stable/c/05c03dfd09c069c4ffd783b47b2da5dcc9421f2c
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49433: RDMA/hfi1: Prevent use of lock before it is initialized

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	RDMA/hfi1: Prevent use of lock before it is initialized

	If there is a failure during probe of hfi1 before the sdma_map_lock is
	initialized, the call to hfi1_free_devdata() will attempt to use a lock
	that has not been initialized. If the locking correctness validator is on
	then an INFO message and stack trace resembling the following may be seen:

	INFO: trying to register non-static key.
	The code is fine but needs lockdep annotation, or maybe
	you didn't initialize this object before use?
	turning off the locking correctness validator.
	Call Trace:
	register_lock_class+0x11b/0x880
	__lock_acquire+0xf3/0x7930
	lock_acquire+0xff/0x2d0
	_raw_spin_lock_irq+0x46/0x60
	sdma_clean+0x42a/0x660 [hfi1]
	hfi1_free_devdata+0x3a7/0x420 [hfi1]
	init_one+0x867/0x11a0 [hfi1]
	pci_device_probe+0x40e/0x8d0

	The use of sdma_map_lock in sdma_clean() is for freeing the sdma_map
	memory, and sdma_map is not allocated/initialized until after
	sdma_map_lock has been initialized. This code only needs to be run if
	sdma_map is not NULL, and so checking for that condition will avoid trying
	to use the lock before it is initialized.

	The Linux kernel CVE team has assigned CVE-2022-49433 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 4.19.247 with commit 66090815a24ce14cf51ef5453fc0218fe8a39bc2
	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.4.198 with commit addb192000d8819c0b1553453994df9bb54c28db
	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.10.121 with commit fc0750e659db7b315bf6348902cc8ca3cdd4b8d8
	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.15.46 with commit ca55150bff5817af4f857a746ecab9862c23e12a
	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.17.14 with commit 30eb275e7ed588270ae159cc590a96658e0cfd8f
	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.18.3 with commit 288d198f50434f29b4a26a9de4394ae2305ad8af
	Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.19 with commit 05c03dfd09c069c4ffd783b47b2da5dcc9421f2c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49433
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/infiniband/hw/hfi1/sdma.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/66090815a24ce14cf51ef5453fc0218fe8a39bc2
	https://git.kernel.org/stable/c/addb192000d8819c0b1553453994df9bb54c28db
	https://git.kernel.org/stable/c/fc0750e659db7b315bf6348902cc8ca3cdd4b8d8
	https://git.kernel.org/stable/c/ca55150bff5817af4f857a746ecab9862c23e12a
	https://git.kernel.org/stable/c/30eb275e7ed588270ae159cc590a96658e0cfd8f
	https://git.kernel.org/stable/c/288d198f50434f29b4a26a9de4394ae2305ad8af
	https://git.kernel.org/stable/c/05c03dfd09c069c4ffd783b47b2da5dcc9421f2c