cve/published/2025/CVE-2025-37917.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll

 Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock
 and spin_unlock in mtk_star_emac driver to avoid spinlock recursion
 occurrence that can happen when enabling the DMA interrupts again in
 rx/tx poll.

 ```
 BUG: spinlock recursion on CPU#0, swapper/0/0
  lock: 0xffff00000db9cf20, .magic: dead4ead, .owner: swapper/0/0,
     .owner_cpu: 0
 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted
     6.15.0-rc2-next-20250417-00001-gf6a27738686c-dirty #28 PREEMPT
 Hardware name: MediaTek MT8365 Open Platform EVK (DT)
 Call trace:
  show_stack+0x18/0x24 (C)
  dump_stack_lvl+0x60/0x80
  dump_stack+0x18/0x24
  spin_dump+0x78/0x88
  do_raw_spin_lock+0x11c/0x120
  _raw_spin_lock+0x20/0x2c
  mtk_star_handle_irq+0xc0/0x22c [mtk_star_emac]
  __handle_irq_event_percpu+0x48/0x140
  handle_irq_event+0x4c/0xb0
  handle_fasteoi_irq+0xa0/0x1bc
  handle_irq_desc+0x34/0x58
  generic_handle_domain_irq+0x1c/0x28
  gic_handle_irq+0x4c/0x120
  do_interrupt_handler+0x50/0x84
  el1_interrupt+0x34/0x68
  el1h_64_irq_handler+0x18/0x24
  el1h_64_irq+0x6c/0x70
  regmap_mmio_read32le+0xc/0x20 (P)
  _regmap_bus_reg_read+0x6c/0xac
  _regmap_read+0x60/0xdc
  regmap_read+0x4c/0x80
  mtk_star_rx_poll+0x2f4/0x39c [mtk_star_emac]
  __napi_poll+0x38/0x188
  net_rx_action+0x164/0x2c0
  handle_softirqs+0x100/0x244
  __do_softirq+0x14/0x20
  ____do_softirq+0x10/0x20
  call_on_irq_stack+0x24/0x64
  do_softirq_own_stack+0x1c/0x40
  __irq_exit_rcu+0xd4/0x10c
  irq_exit_rcu+0x10/0x1c
  el1_interrupt+0x38/0x68
  el1h_64_irq_handler+0x18/0x24
  el1h_64_irq+0x6c/0x70
  cpuidle_enter_state+0xac/0x320 (P)
  cpuidle_enter+0x38/0x50
  do_idle+0x1e4/0x260
  cpu_startup_entry+0x34/0x3c
  rest_init+0xdc/0xe0
  console_on_rootfs+0x0/0x6c
  __primary_switched+0x88/0x90
 ```

 The Linux kernel CVE team has assigned CVE-2025-37917 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.1.138 with commit 94107259f972d2fd896dbbcaa176b3b2451ff9e5
 	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.6.90 with commit 7cb10f17bddc415f30fbc00a4e2b490e0d94c462
 	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.12.28 with commit 8d40bf73fa7f31eac2b0a7c9d85de67df82ee7f3
 	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.14.6 with commit d886f8d85494d12b2752fd7c6c32162d982d5dd5
 	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.15 with commit 6fe0866014486736cc3ba1c6fd4606d3dbe55c9c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-37917
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/ethernet/mediatek/mtk_star_emac.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/bedd287fdd3142dffad7ae2ac6ef15f4a2ad0629
 	https://git.kernel.org/stable/c/94107259f972d2fd896dbbcaa176b3b2451ff9e5
 	https://git.kernel.org/stable/c/7cb10f17bddc415f30fbc00a4e2b490e0d94c462
 	https://git.kernel.org/stable/c/8d40bf73fa7f31eac2b0a7c9d85de67df82ee7f3
 	https://git.kernel.org/stable/c/d886f8d85494d12b2752fd7c6c32162d982d5dd5
 	https://git.kernel.org/stable/c/6fe0866014486736cc3ba1c6fd4606d3dbe55c9c
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll

	Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock
	and spin_unlock in mtk_star_emac driver to avoid spinlock recursion
	occurrence that can happen when enabling the DMA interrupts again in
	rx/tx poll.

	```
	BUG: spinlock recursion on CPU#0, swapper/0/0
	lock: 0xffff00000db9cf20, .magic: dead4ead, .owner: swapper/0/0,
	.owner_cpu: 0
	CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted
	6.15.0-rc2-next-20250417-00001-gf6a27738686c-dirty #28 PREEMPT
	Hardware name: MediaTek MT8365 Open Platform EVK (DT)
	Call trace:
	show_stack+0x18/0x24 (C)
	dump_stack_lvl+0x60/0x80
	dump_stack+0x18/0x24
	spin_dump+0x78/0x88
	do_raw_spin_lock+0x11c/0x120
	_raw_spin_lock+0x20/0x2c
	mtk_star_handle_irq+0xc0/0x22c [mtk_star_emac]
	__handle_irq_event_percpu+0x48/0x140
	handle_irq_event+0x4c/0xb0
	handle_fasteoi_irq+0xa0/0x1bc
	handle_irq_desc+0x34/0x58
	generic_handle_domain_irq+0x1c/0x28
	gic_handle_irq+0x4c/0x120
	do_interrupt_handler+0x50/0x84
	el1_interrupt+0x34/0x68
	el1h_64_irq_handler+0x18/0x24
	el1h_64_irq+0x6c/0x70
	regmap_mmio_read32le+0xc/0x20 (P)
	_regmap_bus_reg_read+0x6c/0xac
	_regmap_read+0x60/0xdc
	regmap_read+0x4c/0x80
	mtk_star_rx_poll+0x2f4/0x39c [mtk_star_emac]
	__napi_poll+0x38/0x188
	net_rx_action+0x164/0x2c0
	handle_softirqs+0x100/0x244
	__do_softirq+0x14/0x20
	____do_softirq+0x10/0x20
	call_on_irq_stack+0x24/0x64
	do_softirq_own_stack+0x1c/0x40
	__irq_exit_rcu+0xd4/0x10c
	irq_exit_rcu+0x10/0x1c
	el1_interrupt+0x38/0x68
	el1h_64_irq_handler+0x18/0x24
	el1h_64_irq+0x6c/0x70
	cpuidle_enter_state+0xac/0x320 (P)
	cpuidle_enter+0x38/0x50
	do_idle+0x1e4/0x260
	cpu_startup_entry+0x34/0x3c
	rest_init+0xdc/0xe0
	console_on_rootfs+0x0/0x6c
	__primary_switched+0x88/0x90
	```

	The Linux kernel CVE team has assigned CVE-2025-37917 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.1.138 with commit 94107259f972d2fd896dbbcaa176b3b2451ff9e5
	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.6.90 with commit 7cb10f17bddc415f30fbc00a4e2b490e0d94c462
	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.12.28 with commit 8d40bf73fa7f31eac2b0a7c9d85de67df82ee7f3
	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.14.6 with commit d886f8d85494d12b2752fd7c6c32162d982d5dd5
	Issue introduced in 6.0 with commit 0a8bd81fd6aaace14979152e0540da8ff158a00a and fixed in 6.15 with commit 6fe0866014486736cc3ba1c6fd4606d3dbe55c9c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-37917
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/ethernet/mediatek/mtk_star_emac.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/bedd287fdd3142dffad7ae2ac6ef15f4a2ad0629
	https://git.kernel.org/stable/c/94107259f972d2fd896dbbcaa176b3b2451ff9e5
	https://git.kernel.org/stable/c/7cb10f17bddc415f30fbc00a4e2b490e0d94c462
	https://git.kernel.org/stable/c/8d40bf73fa7f31eac2b0a7c9d85de67df82ee7f3
	https://git.kernel.org/stable/c/d886f8d85494d12b2752fd7c6c32162d982d5dd5
	https://git.kernel.org/stable/c/6fe0866014486736cc3ba1c6fd4606d3dbe55c9c