cve/published/2024/CVE-2024-26788.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26788: dmaengine: fsl-qdma: init irq after reg initialization

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 dmaengine: fsl-qdma: init irq after reg initialization

 Initialize the qDMA irqs after the registers are configured so that
 interrupts that may have been pending from a primary kernel don't get
 processed by the irq handler before it is ready to and cause panic with
 the following trace:

   Call trace:
    fsl_qdma_queue_handler+0xf8/0x3e8
    __handle_irq_event_percpu+0x78/0x2b0
    handle_irq_event_percpu+0x1c/0x68
    handle_irq_event+0x44/0x78
    handle_fasteoi_irq+0xc8/0x178
    generic_handle_irq+0x24/0x38
    __handle_domain_irq+0x90/0x100
    gic_handle_irq+0x5c/0xb8
    el1_irq+0xb8/0x180
    _raw_spin_unlock_irqrestore+0x14/0x40
    __setup_irq+0x4bc/0x798
    request_threaded_irq+0xd8/0x190
    devm_request_threaded_irq+0x74/0xe8
    fsl_qdma_probe+0x4d4/0xca8
    platform_drv_probe+0x50/0xa0
    really_probe+0xe0/0x3f8
    driver_probe_device+0x64/0x130
    device_driver_attach+0x6c/0x78
    __driver_attach+0xbc/0x158
    bus_for_each_dev+0x5c/0x98
    driver_attach+0x20/0x28
    bus_add_driver+0x158/0x220
    driver_register+0x60/0x110
    __platform_driver_register+0x44/0x50
    fsl_qdma_driver_init+0x18/0x20
    do_one_initcall+0x48/0x258
    kernel_init_freeable+0x1a4/0x23c
    kernel_init+0x10/0xf8
    ret_from_fork+0x10/0x18

 The Linux kernel CVE team has assigned CVE-2024-26788 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 5.4.271 with commit 3cc5fb824c2125aa3740d905b3e5b378c8a09478
 	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 5.10.212 with commit 9579a21e99fe8dab22a253050ddff28d340d74e1
 	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 5.15.151 with commit 4529c084a320be78ff2c5e64297ae998c6fdf66b
 	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.1.81 with commit 474d521da890b3e3585335fb80a6044cb2553d99
 	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.6.21 with commit a69c8bbb946936ac4eb6a6ae1e849435aa8d947d
 	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.7.9 with commit 677102a930643c31f1b4c512b041407058bdfef8
 	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.8 with commit 87a39071e0b639f45e05d296cc0538eef44ec0bd

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26788
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/dma/fsl-qdma.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478
 	https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1
 	https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b
 	https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99
 	https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d
 	https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8
 	https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26788: dmaengine: fsl-qdma: init irq after reg initialization

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	dmaengine: fsl-qdma: init irq after reg initialization

	Initialize the qDMA irqs after the registers are configured so that
	interrupts that may have been pending from a primary kernel don't get
	processed by the irq handler before it is ready to and cause panic with
	the following trace:

	Call trace:
	fsl_qdma_queue_handler+0xf8/0x3e8
	__handle_irq_event_percpu+0x78/0x2b0
	handle_irq_event_percpu+0x1c/0x68
	handle_irq_event+0x44/0x78
	handle_fasteoi_irq+0xc8/0x178
	generic_handle_irq+0x24/0x38
	__handle_domain_irq+0x90/0x100
	gic_handle_irq+0x5c/0xb8
	el1_irq+0xb8/0x180
	_raw_spin_unlock_irqrestore+0x14/0x40
	__setup_irq+0x4bc/0x798
	request_threaded_irq+0xd8/0x190
	devm_request_threaded_irq+0x74/0xe8
	fsl_qdma_probe+0x4d4/0xca8
	platform_drv_probe+0x50/0xa0
	really_probe+0xe0/0x3f8
	driver_probe_device+0x64/0x130
	device_driver_attach+0x6c/0x78
	__driver_attach+0xbc/0x158
	bus_for_each_dev+0x5c/0x98
	driver_attach+0x20/0x28
	bus_add_driver+0x158/0x220
	driver_register+0x60/0x110
	__platform_driver_register+0x44/0x50
	fsl_qdma_driver_init+0x18/0x20
	do_one_initcall+0x48/0x258
	kernel_init_freeable+0x1a4/0x23c
	kernel_init+0x10/0xf8
	ret_from_fork+0x10/0x18

	The Linux kernel CVE team has assigned CVE-2024-26788 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 5.4.271 with commit 3cc5fb824c2125aa3740d905b3e5b378c8a09478
	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 5.10.212 with commit 9579a21e99fe8dab22a253050ddff28d340d74e1
	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 5.15.151 with commit 4529c084a320be78ff2c5e64297ae998c6fdf66b
	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.1.81 with commit 474d521da890b3e3585335fb80a6044cb2553d99
	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.6.21 with commit a69c8bbb946936ac4eb6a6ae1e849435aa8d947d
	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.7.9 with commit 677102a930643c31f1b4c512b041407058bdfef8
	Issue introduced in 5.1 with commit b092529e0aa09829a6404424ce167bf3ce3235e2 and fixed in 6.8 with commit 87a39071e0b639f45e05d296cc0538eef44ec0bd

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26788
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/dma/fsl-qdma.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478
	https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1
	https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b
	https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99
	https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d
	https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8
	https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd