CVE-2021-47023

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: marvell: prestera: fix port event handling on init<br /> <br /> For some reason there might be a crash during ports creation if port<br /> events are handling at the same time because fw may send initial<br /> port event with down state.<br /> <br /> The crash points to cancel_delayed_work() which is called when port went<br /> is down. Currently I did not find out the real cause of the issue, so<br /> fixed it by cancel port stats work only if previous port&amp;#39;s state was up<br /> &amp; runnig.<br /> <br /> The following is the crash which can be triggered:<br /> <br /> [ 28.311104] Unable to handle kernel paging request at virtual address<br /> 000071775f776600<br /> [ 28.319097] Mem abort info:<br /> [ 28.321914] ESR = 0x96000004<br /> [ 28.324996] EC = 0x25: DABT (current EL), IL = 32 bits<br /> [ 28.330350] SET = 0, FnV = 0<br /> [ 28.333430] EA = 0, S1PTW = 0<br /> [ 28.336597] Data abort info:<br /> [ 28.339499] ISV = 0, ISS = 0x00000004<br /> [ 28.343362] CM = 0, WnR = 0<br /> [ 28.346354] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000100bf7000<br /> [ 28.352842] [000071775f776600] pgd=0000000000000000,<br /> p4d=0000000000000000<br /> [ 28.359695] Internal error: Oops: 96000004 [#1] PREEMPT SMP<br /> [ 28.365310] Modules linked in: prestera_pci(+) prestera<br /> uio_pdrv_genirq<br /> [ 28.372005] CPU: 0 PID: 1291 Comm: kworker/0:1H Not tainted<br /> 5.11.0-rc4 #1<br /> [ 28.378846] Hardware name: DNI AmazonGo1 A7040 board (DT)<br /> [ 28.384283] Workqueue: prestera_fw_wq prestera_fw_evt_work_fn<br /> [prestera_pci]<br /> [ 28.391413] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)<br /> [ 28.397468] pc : get_work_pool+0x48/0x60<br /> [ 28.401442] lr : try_to_grab_pending+0x6c/0x1b0<br /> [ 28.406018] sp : ffff80001391bc60<br /> [ 28.409358] x29: ffff80001391bc60 x28: 0000000000000000<br /> [ 28.414725] x27: ffff000104fc8b40 x26: ffff80001127de88<br /> [ 28.420089] x25: 0000000000000000 x24: ffff000106119760<br /> [ 28.425452] x23: ffff00010775dd60 x22: ffff00010567e000<br /> [ 28.430814] x21: 0000000000000000 x20: ffff80001391bcb0<br /> [ 28.436175] x19: ffff00010775deb8 x18: 00000000000000c0<br /> [ 28.441537] x17: 0000000000000000 x16: 000000008d9b0e88<br /> [ 28.446898] x15: 0000000000000001 x14: 00000000000002ba<br /> [ 28.452261] x13: 80a3002c00000002 x12: 00000000000005f4<br /> [ 28.457622] x11: 0000000000000030 x10: 000000000000000c<br /> [ 28.462985] x9 : 000000000000000c x8 : 0000000000000030<br /> [ 28.468346] x7 : ffff800014400000 x6 : ffff000106119758<br /> [ 28.473708] x5 : 0000000000000003 x4 : ffff00010775dc60<br /> [ 28.479068] x3 : 0000000000000000 x2 : 0000000000000060<br /> [ 28.484429] x1 : 000071775f776600 x0 : ffff00010775deb8<br /> [ 28.489791] Call trace:<br /> [ 28.492259] get_work_pool+0x48/0x60<br /> [ 28.495874] cancel_delayed_work+0x38/0xb0<br /> [ 28.500011] prestera_port_handle_event+0x90/0xa0 [prestera]<br /> [ 28.505743] prestera_evt_recv+0x98/0xe0 [prestera]<br /> [ 28.510683] prestera_fw_evt_work_fn+0x180/0x228 [prestera_pci]<br /> [ 28.516660] process_one_work+0x1e8/0x360<br /> [ 28.520710] worker_thread+0x44/0x480<br /> [ 28.524412] kthread+0x154/0x160<br /> [ 28.527670] ret_from_fork+0x10/0x38<br /> [ 28.531290] Code: a8c17bfd d50323bf d65f03c0 9278dc21 (f9400020)<br /> [ 28.537429] ---[ end trace 5eced933df3a080b ]---