CVE-2021-47554
Severity:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/05/2024
Last modified:
24/05/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
vdpa_sim: avoid putting an uninitialized iova_domain<br />
<br />
The system will crash if we put an uninitialized iova_domain, this<br />
could happen when an error occurs before initializing the iova_domain<br />
in vdpasim_create().<br />
<br />
BUG: kernel NULL pointer dereference, address: 0000000000000000<br />
...<br />
RIP: 0010:__cpuhp_state_remove_instance+0x96/0x1c0<br />
...<br />
Call Trace:<br />
<br />
put_iova_domain+0x29/0x220<br />
vdpasim_free+0xd1/0x120 [vdpa_sim]<br />
vdpa_release_dev+0x21/0x40 [vdpa]<br />
device_release+0x33/0x90<br />
kobject_release+0x63/0x160<br />
vdpasim_create+0x127/0x2a0 [vdpa_sim]<br />
vdpasim_net_dev_add+0x7d/0xfe [vdpa_sim_net]<br />
vdpa_nl_cmd_dev_add_set_doit+0xe1/0x1a0 [vdpa]<br />
genl_family_rcv_msg_doit+0x112/0x140<br />
genl_rcv_msg+0xdf/0x1d0<br />
...<br />
<br />
So we must make sure the iova_domain is already initialized before<br />
put it.<br />
<br />
In addition, we may get the following warning in this case:<br />
WARNING: ... drivers/iommu/iova.c:344 iova_cache_put+0x58/0x70<br />
<br />
So we must make sure the iova_cache_put() is invoked only if the<br />
iova_cache_get() is already invoked. Let&#39;s fix it together.