cve/published/2024/CVE-2024-35819.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 soc: fsl: qbman: Use raw spinlock for cgr_lock

 smp_call_function always runs its callback in hard IRQ context, even on
 PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock
 for cgr_lock to ensure we aren't waiting on a sleeping task.

 Although this bug has existed for a while, it was not apparent until
 commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change")
 which invokes smp_call_function_single via qman_update_cgr_safe every
 time a link goes up or down.

 The Linux kernel CVE team has assigned CVE-2024-35819 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 4.19.312 with commit 2b3fede8225133671ce837c0d284804aa3bc7a02
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 5.4.274 with commit ff50716b7d5b7985979a5b21163cd79fb3d21d59
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 5.10.215 with commit 32edca2f03a6cc42c650ddc3ad83d086e3f365d1
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 5.15.154 with commit 9a3ca8292ce9fdcce122706c28c3f07bc857fe5e
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.1.84 with commit d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.6.24 with commit 54d26adf64c04f186098b39dba86b86037084baa
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.7.12 with commit f39d36b7540cf0088ed7ce2de2794f2aa237f6df
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.8.3 with commit cd53a8ae5aacb4ecd25088486dea1cd02e74b506
 	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.9 with commit fbec4e7fed89b579f2483041fabf9650fb0dd6bc
 	Issue introduced in 4.9.92 with commit a85c525bbff4d7467d7f0ab6fed8e2f787b073d6
 	Issue introduced in 4.14.32 with commit 29cd9c2d1f428c281962135ea046a9d7bda88d14
 	Issue introduced in 4.15.15 with commit 5b10a404419f0532ef3ba990c12bebe118adb6d7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-35819
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/soc/fsl/qbman/qman.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02
 	https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59
 	https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1
 	https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e
 	https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14
 	https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa
 	https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df
 	https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506
 	https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	soc: fsl: qbman: Use raw spinlock for cgr_lock

	smp_call_function always runs its callback in hard IRQ context, even on
	PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock
	for cgr_lock to ensure we aren't waiting on a sleeping task.

	Although this bug has existed for a while, it was not apparent until
	commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change")
	which invokes smp_call_function_single via qman_update_cgr_safe every
	time a link goes up or down.

	The Linux kernel CVE team has assigned CVE-2024-35819 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 4.19.312 with commit 2b3fede8225133671ce837c0d284804aa3bc7a02
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 5.4.274 with commit ff50716b7d5b7985979a5b21163cd79fb3d21d59
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 5.10.215 with commit 32edca2f03a6cc42c650ddc3ad83d086e3f365d1
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 5.15.154 with commit 9a3ca8292ce9fdcce122706c28c3f07bc857fe5e
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.1.84 with commit d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.6.24 with commit 54d26adf64c04f186098b39dba86b86037084baa
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.7.12 with commit f39d36b7540cf0088ed7ce2de2794f2aa237f6df
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.8.3 with commit cd53a8ae5aacb4ecd25088486dea1cd02e74b506
	Issue introduced in 4.16 with commit 96f413f47677366e0ae03797409bfcc4151dbf9e and fixed in 6.9 with commit fbec4e7fed89b579f2483041fabf9650fb0dd6bc
	Issue introduced in 4.9.92 with commit a85c525bbff4d7467d7f0ab6fed8e2f787b073d6
	Issue introduced in 4.14.32 with commit 29cd9c2d1f428c281962135ea046a9d7bda88d14
	Issue introduced in 4.15.15 with commit 5b10a404419f0532ef3ba990c12bebe118adb6d7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-35819
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/soc/fsl/qbman/qman.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02
	https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59
	https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1
	https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e
	https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14
	https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa
	https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df
	https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506
	https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc