| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2023-52743: ice: Do not use WQ_MEM_RECLAIM flag for workqueue |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| ice: Do not use WQ_MEM_RECLAIM flag for workqueue |
| |
| When both ice and the irdma driver are loaded, a warning in |
| check_flush_dependency is being triggered. This is due to ice driver |
| workqueue being allocated with the WQ_MEM_RECLAIM flag and the irdma one |
| is not. |
| |
| According to kernel documentation, this flag should be set if the |
| workqueue will be involved in the kernel's memory reclamation flow. |
| Since it is not, there is no need for the ice driver's WQ to have this |
| flag set so remove it. |
| |
| Example trace: |
| |
| [ +0.000004] workqueue: WQ_MEM_RECLAIM ice:ice_service_task [ice] is flushing !WQ_MEM_RECLAIM infiniband:0x0 |
| [ +0.000139] WARNING: CPU: 0 PID: 728 at kernel/workqueue.c:2632 check_flush_dependency+0x178/0x1a0 |
| [ +0.000011] Modules linked in: bonding tls xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_cha |
| in_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink bridge stp llc rfkill vfat fat intel_rapl_msr intel |
| _rapl_common isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct1 |
| 0dif_pclmul crc32_pclmul ghash_clmulni_intel rapl intel_cstate rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_ |
| core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_cm iw_cm iTCO_wdt iTCO_vendor_support ipmi_ssif irdma mei_me ib_uverbs |
| ib_core intel_uncore joydev pcspkr i2c_i801 acpi_ipmi mei lpc_ich i2c_smbus intel_pch_thermal ioatdma ipmi_si acpi_power_meter |
| acpi_pad xfs libcrc32c sd_mod t10_pi crc64_rocksoft crc64 sg ahci ixgbe libahci ice i40e igb crc32c_intel mdio i2c_algo_bit liba |
| ta dca wmi dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse |
| [ +0.000161] [last unloaded: bonding] |
| [ +0.000006] CPU: 0 PID: 728 Comm: kworker/0:2 Tainted: G S 6.2.0-rc2_next-queue-13jan-00458-gc20aabd57164 #1 |
| [ +0.000006] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0010.010620200716 01/06/2020 |
| [ +0.000003] Workqueue: ice ice_service_task [ice] |
| [ +0.000127] RIP: 0010:check_flush_dependency+0x178/0x1a0 |
| [ +0.000005] Code: 89 8e 02 01 e8 49 3d 40 00 49 8b 55 18 48 8d 8d d0 00 00 00 48 8d b3 d0 00 00 00 4d 89 e0 48 c7 c7 e0 3b 08 |
| 9f e8 bb d3 07 01 <0f> 0b e9 be fe ff ff 80 3d 24 89 8e 02 00 0f 85 6b ff ff ff e9 06 |
| [ +0.000004] RSP: 0018:ffff88810a39f990 EFLAGS: 00010282 |
| [ +0.000005] RAX: 0000000000000000 RBX: ffff888141bc2400 RCX: 0000000000000000 |
| [ +0.000004] RDX: 0000000000000001 RSI: dffffc0000000000 RDI: ffffffffa1213a80 |
| [ +0.000003] RBP: ffff888194bf3400 R08: ffffed117b306112 R09: ffffed117b306112 |
| [ +0.000003] R10: ffff888bd983088b R11: ffffed117b306111 R12: 0000000000000000 |
| [ +0.000003] R13: ffff888111f84d00 R14: ffff88810a3943ac R15: ffff888194bf3400 |
| [ +0.000004] FS: 0000000000000000(0000) GS:ffff888bd9800000(0000) knlGS:0000000000000000 |
| [ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 |
| [ +0.000003] CR2: 000056035b208b60 CR3: 000000017795e005 CR4: 00000000007706f0 |
| [ +0.000003] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 |
| [ +0.000003] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 |
| [ +0.000002] PKRU: 55555554 |
| [ +0.000003] Call Trace: |
| [ +0.000002] <TASK> |
| [ +0.000003] __flush_workqueue+0x203/0x840 |
| [ +0.000006] ? mutex_unlock+0x84/0xd0 |
| [ +0.000008] ? __pfx_mutex_unlock+0x10/0x10 |
| [ +0.000004] ? __pfx___flush_workqueue+0x10/0x10 |
| [ +0.000006] ? mutex_lock+0xa3/0xf0 |
| [ +0.000005] ib_cache_cleanup_one+0x39/0x190 [ib_core] |
| [ +0.000174] __ib_unregister_device+0x84/0xf0 [ib_core] |
| [ +0.000094] ib_unregister_device+0x25/0x30 [ib_core] |
| [ +0.000093] irdma_ib_unregister_device+0x97/0xc0 [irdma] |
| [ +0.000064] ? __pfx_irdma_ib_unregister_device+0x10/0x10 [irdma] |
| [ +0.000059] ? up_write+0x5c/0x90 |
| [ +0.000005] irdma_remove+0x36/0x90 [irdma] |
| [ +0.000062] auxiliary_bus_remove+0x32/0x50 |
| [ +0.000007] device_release_driver_internal+0xfa/0x1c0 |
| [ +0.000005] bus_remove_device+0x18a/0x260 |
| [ +0.000007] device_del+0x2e5/0x650 |
| [ +0.000005] ? __pfx_device_del+0x10/0x10 |
| [ +0.000003] ? mutex_unlock+0x84/0xd0 |
| [ +0.000004] ? __pfx_mutex_unlock+0x10/0x10 |
| [ +0.000004] ? _raw_spin_unlock+0x18/0x40 |
| [ +0.000005] ice_unplug_aux_dev+0x52/0x70 [ice] |
| [ +0.000160] ice_service_task+0x1309/0x14f0 [ice] |
| [ +0.000134] ? __pfx___schedule+0x10/0x10 |
| [ +0.000006] process_one_work+0x3b1/0x6c0 |
| [ +0.000008] worker_thread+0x69/0x670 |
| [ +0.000005] ? __kthread_parkme+0xec/0x110 |
| [ +0.000007] ? __pfx_worker_thread+0x10/0x10 |
| [ +0.000005] kthread+0x17f/0x1b0 |
| [ +0.000005] ? __pfx_kthread+0x10/0x10 |
| [ +0.000004] ret_from_fork+0x29/0x50 |
| [ +0.000009] </TASK> |
| |
| The Linux kernel CVE team has assigned CVE-2023-52743 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 4.17 with commit 940b61af02f497fcd911b9e2d75c6b8cf76b92fd and fixed in 5.4.232 with commit 87a5e3fc8416106e290c448fc8a6dd50ab24c634 |
| Issue introduced in 4.17 with commit 940b61af02f497fcd911b9e2d75c6b8cf76b92fd and fixed in 5.10.168 with commit 1ad4112c9fcf0bc08222b2b1614fba52ffd12255 |
| Issue introduced in 4.17 with commit 940b61af02f497fcd911b9e2d75c6b8cf76b92fd and fixed in 5.15.94 with commit ca834a017851c50464c25a85f3cb2daefff7bede |
| Issue introduced in 4.17 with commit 940b61af02f497fcd911b9e2d75c6b8cf76b92fd and fixed in 6.1.12 with commit df59e05401450973c8c7e96fd74b49e24442dc1f |
| Issue introduced in 4.17 with commit 940b61af02f497fcd911b9e2d75c6b8cf76b92fd and fixed in 6.2 with commit 4d159f7884f78b1aacb99b4fc37d1e3cb1194e39 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2023-52743 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/net/ethernet/intel/ice/ice_main.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/87a5e3fc8416106e290c448fc8a6dd50ab24c634 |
| https://git.kernel.org/stable/c/1ad4112c9fcf0bc08222b2b1614fba52ffd12255 |
| https://git.kernel.org/stable/c/ca834a017851c50464c25a85f3cb2daefff7bede |
| https://git.kernel.org/stable/c/df59e05401450973c8c7e96fd74b49e24442dc1f |
| https://git.kernel.org/stable/c/4d159f7884f78b1aacb99b4fc37d1e3cb1194e39 |
