cve/published/2022/CVE-2022-49613.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49613: serial: 8250: Fix PM usage_count for console handover

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 serial: 8250: Fix PM usage_count for console handover

 When console is enabled, univ8250_console_setup() calls
 serial8250_console_setup() before .dev is set to uart_port. Therefore,
 it will not call pm_runtime_get_sync(). Later, when the actual driver
 is going to take over univ8250_console_exit() is called. As .dev is
 already set, serial8250_console_exit() makes pm_runtime_put_sync() call
 with usage count being zero triggering PM usage count warning
 (extra debug for univ8250_console_setup(), univ8250_console_exit(), and
 serial8250_register_ports()):

 [    0.068987] univ8250_console_setup ttyS0 nodev
 [    0.499670] printk: console [ttyS0] enabled
 [    0.717955] printk: console [ttyS0] printing thread started
 [    1.960163] serial8250_register_ports assigned dev for ttyS0
 [    1.976830] printk: console [ttyS0] disabled
 [    1.976888] printk: console [ttyS0] printing thread stopped
 [    1.977073] univ8250_console_exit ttyS0 usage:0
 [    1.977075] serial8250 serial8250: Runtime PM usage count underflow!
 [    1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A
 [    1.977812] univ8250_console_setup ttyS0 usage:2
 [    1.978167] printk: console [ttyS0] printing thread started
 [    1.978203] printk: console [ttyS0] enabled

 To fix the issue, call pm_runtime_get_sync() in
 serial8250_register_ports() as soon as .dev is set for an uart_port
 if it has console enabled.

 This problem became apparent only recently because 82586a721595 ("PM:
 runtime: Avoid device usage count underflows") added the warning
 printout. I confirmed this problem also occurs with v5.18 (w/o the
 warning printout, obviously).

 The Linux kernel CVE team has assigned CVE-2022-49613 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.10.132 with commit d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
 	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.15.56 with commit 190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
 	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.18.13 with commit 5df66302f03f87ae8953785a882d78e911f00c55
 	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.19 with commit f9b11229b79c0fb2100b5bb4628a101b1d37fbf6

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49613
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/tty/serial/8250/8250_core.c
 	drivers/tty/serial/serial_core.c
 	include/linux/serial_core.h


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
 	https://git.kernel.org/stable/c/190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
 	https://git.kernel.org/stable/c/5df66302f03f87ae8953785a882d78e911f00c55
 	https://git.kernel.org/stable/c/f9b11229b79c0fb2100b5bb4628a101b1d37fbf6
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49613: serial: 8250: Fix PM usage_count for console handover

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	serial: 8250: Fix PM usage_count for console handover

	When console is enabled, univ8250_console_setup() calls
	serial8250_console_setup() before .dev is set to uart_port. Therefore,
	it will not call pm_runtime_get_sync(). Later, when the actual driver
	is going to take over univ8250_console_exit() is called. As .dev is
	already set, serial8250_console_exit() makes pm_runtime_put_sync() call
	with usage count being zero triggering PM usage count warning
	(extra debug for univ8250_console_setup(), univ8250_console_exit(), and
	serial8250_register_ports()):

	[ 0.068987] univ8250_console_setup ttyS0 nodev
	[ 0.499670] printk: console [ttyS0] enabled
	[ 0.717955] printk: console [ttyS0] printing thread started
	[ 1.960163] serial8250_register_ports assigned dev for ttyS0
	[ 1.976830] printk: console [ttyS0] disabled
	[ 1.976888] printk: console [ttyS0] printing thread stopped
	[ 1.977073] univ8250_console_exit ttyS0 usage:0
	[ 1.977075] serial8250 serial8250: Runtime PM usage count underflow!
	[ 1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A
	[ 1.977812] univ8250_console_setup ttyS0 usage:2
	[ 1.978167] printk: console [ttyS0] printing thread started
	[ 1.978203] printk: console [ttyS0] enabled

	To fix the issue, call pm_runtime_get_sync() in
	serial8250_register_ports() as soon as .dev is set for an uart_port
	if it has console enabled.

	This problem became apparent only recently because 82586a721595 ("PM:
	runtime: Avoid device usage count underflows") added the warning
	printout. I confirmed this problem also occurs with v5.18 (w/o the
	warning printout, obviously).

	The Linux kernel CVE team has assigned CVE-2022-49613 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.10.132 with commit d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.15.56 with commit 190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.18.13 with commit 5df66302f03f87ae8953785a882d78e911f00c55
	Issue introduced in 5.7 with commit bedb404e91bb2908d9921fc736a518a9d89525fc and fixed in 5.19 with commit f9b11229b79c0fb2100b5bb4628a101b1d37fbf6

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49613
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/tty/serial/8250/8250_core.c
	drivers/tty/serial/serial_core.c
	include/linux/serial_core.h


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/d9cb6fabc90102f9e61fe35bd0160db88f4f53b4
	https://git.kernel.org/stable/c/190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486
	https://git.kernel.org/stable/c/5df66302f03f87ae8953785a882d78e911f00c55
	https://git.kernel.org/stable/c/f9b11229b79c0fb2100b5bb4628a101b1d37fbf6