CVE-2021-47349

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mwifiex: bring down link before deleting interface<br /> <br /> We can deadlock when rmmod&amp;#39;ing the driver or going through firmware<br /> reset, because the cfg80211_unregister_wdev() has to bring down the link<br /> for us, ... which then grab the same wiphy lock.<br /> <br /> nl80211_del_interface() already handles a very similar case, with a nice<br /> description:<br /> <br /> /*<br /> * We hold RTNL, so this is safe, without RTNL opencount cannot<br /> * reach 0, and thus the rdev cannot be deleted.<br /> *<br /> * We need to do it for the dev_close(), since that will call<br /> * the netdev notifiers, and we need to acquire the mutex there<br /> * but don&amp;#39;t know if we get there from here or from some other<br /> * place (e.g. "ip link set ... down").<br /> */<br /> mutex_unlock(&amp;rdev-&gt;wiphy.mtx);<br /> ...<br /> <br /> Do similarly for mwifiex teardown, by ensuring we bring the link down<br /> first.<br /> <br /> Sample deadlock trace:<br /> <br /> [ 247.103516] INFO: task rmmod:2119 blocked for more than 123 seconds.<br /> [ 247.110630] Not tainted 5.12.4 #5<br /> [ 247.115796] "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> [ 247.124557] task:rmmod state:D stack: 0 pid: 2119 ppid: 2114 flags:0x00400208<br /> [ 247.133905] Call trace:<br /> [ 247.136644] __switch_to+0x130/0x170<br /> [ 247.140643] __schedule+0x714/0xa0c<br /> [ 247.144548] schedule_preempt_disabled+0x88/0xf4<br /> [ 247.149714] __mutex_lock_common+0x43c/0x750<br /> [ 247.154496] mutex_lock_nested+0x5c/0x68<br /> [ 247.158884] cfg80211_netdev_notifier_call+0x280/0x4e0 [cfg80211]<br /> [ 247.165769] raw_notifier_call_chain+0x4c/0x78<br /> [ 247.170742] call_netdevice_notifiers_info+0x68/0xa4<br /> [ 247.176305] __dev_close_many+0x7c/0x138<br /> [ 247.180693] dev_close_many+0x7c/0x10c<br /> [ 247.184893] unregister_netdevice_many+0xfc/0x654<br /> [ 247.190158] unregister_netdevice_queue+0xb4/0xe0<br /> [ 247.195424] _cfg80211_unregister_wdev+0xa4/0x204 [cfg80211]<br /> [ 247.201816] cfg80211_unregister_wdev+0x20/0x2c [cfg80211]<br /> [ 247.208016] mwifiex_del_virtual_intf+0xc8/0x188 [mwifiex]<br /> [ 247.214174] mwifiex_uninit_sw+0x158/0x1b0 [mwifiex]<br /> [ 247.219747] mwifiex_remove_card+0x38/0xa0 [mwifiex]<br /> [ 247.225316] mwifiex_pcie_remove+0xd0/0xe0 [mwifiex_pcie]<br /> [ 247.231451] pci_device_remove+0x50/0xe0<br /> [ 247.235849] device_release_driver_internal+0x110/0x1b0<br /> [ 247.241701] driver_detach+0x5c/0x9c<br /> [ 247.245704] bus_remove_driver+0x84/0xb8<br /> [ 247.250095] driver_unregister+0x3c/0x60<br /> [ 247.254486] pci_unregister_driver+0x2c/0x90<br /> [ 247.259267] cleanup_module+0x18/0xcdc [mwifiex_pcie]