CVE-2021-47449

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ice: fix locking for Tx timestamp tracking flush<br /> <br /> Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush")<br /> added a lock around the Tx timestamp tracker flow which is used to<br /> cleanup any left over SKBs and prepare for device removal.<br /> <br /> This lock is problematic because it is being held around a call to<br /> ice_clear_phy_tstamp. The clear function takes a mutex to send a PHY<br /> write command to firmware. This could lead to a deadlock if the mutex<br /> actually sleeps, and causes the following warning on a kernel with<br /> preemption debugging enabled:<br /> <br /> [ 715.419426] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:573<br /> [ 715.427900] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3100, name: rmmod<br /> [ 715.435652] INFO: lockdep is turned off.<br /> [ 715.439591] Preemption disabled at:<br /> [ 715.439594] [] 0x0<br /> [ 715.446678] CPU: 52 PID: 3100 Comm: rmmod Tainted: G W OE 5.15.0-rc4+ #42 bdd7ec3018e725f159ca0d372ce8c2c0e784891c<br /> [ 715.458058] Hardware name: Intel Corporation S2600STQ/S2600STQ, BIOS SE5C620.86B.02.01.0010.010620200716 01/06/2020<br /> [ 715.468483] Call Trace:<br /> [ 715.470940] dump_stack_lvl+0x6a/0x9a<br /> [ 715.474613] ___might_sleep.cold+0x224/0x26a<br /> [ 715.478895] __mutex_lock+0xb3/0x1440<br /> [ 715.482569] ? stack_depot_save+0x378/0x500<br /> [ 715.486763] ? ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.494979] ? kfree+0xc1/0x520<br /> [ 715.498128] ? mutex_lock_io_nested+0x12a0/0x12a0<br /> [ 715.502837] ? kasan_set_free_info+0x20/0x30<br /> [ 715.507110] ? __kasan_slab_free+0x10b/0x140<br /> [ 715.511385] ? slab_free_freelist_hook+0xc7/0x220<br /> [ 715.516092] ? kfree+0xc1/0x520<br /> [ 715.519235] ? ice_deinit_lag+0x16c/0x220 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.527359] ? ice_remove+0x1cf/0x6a0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.535133] ? pci_device_remove+0xab/0x1d0<br /> [ 715.539318] ? __device_release_driver+0x35b/0x690<br /> [ 715.544110] ? driver_detach+0x214/0x2f0<br /> [ 715.548035] ? bus_remove_driver+0x11d/0x2f0<br /> [ 715.552309] ? pci_unregister_driver+0x26/0x250<br /> [ 715.556840] ? ice_module_exit+0xc/0x2f [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.564799] ? __do_sys_delete_module.constprop.0+0x2d8/0x4e0<br /> [ 715.570554] ? do_syscall_64+0x3b/0x90<br /> [ 715.574303] ? entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> [ 715.579529] ? start_flush_work+0x542/0x8f0<br /> [ 715.583719] ? ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.591923] ice_sq_send_cmd+0x78/0x14c0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.599960] ? wait_for_completion_io+0x250/0x250<br /> [ 715.604662] ? lock_acquire+0x196/0x200<br /> [ 715.608504] ? do_raw_spin_trylock+0xa5/0x160<br /> [ 715.612864] ice_sbq_rw_reg+0x1e6/0x2f0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.620813] ? ice_reset+0x130/0x130 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.628497] ? __debug_check_no_obj_freed+0x1e8/0x3c0<br /> [ 715.633550] ? trace_hardirqs_on+0x1c/0x130<br /> [ 715.637748] ice_write_phy_reg_e810+0x70/0xf0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.646220] ? do_raw_spin_trylock+0xa5/0x160<br /> [ 715.650581] ? ice_ptp_release+0x910/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.658797] ? ice_ptp_release+0x255/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.667013] ice_clear_phy_tstamp+0x2c/0x110 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.675403] ice_ptp_release+0x408/0x910 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.683440] ice_remove+0x560/0x6a0 [ice 9a7e1ec00971c89ecd3fe0d4dc7da2b3786a421d]<br /> [ 715.691037] ? _raw_spin_unlock_irqrestore+0x46/0x73<br /> [ 715.696005] pci_device_remove+0xab/0x1d0<br /> [ 715.700018] __device_release_driver+0x35b/0x690<br /> [ 715.704637] driver_detach+0x214/0x2f0<br /> [ 715.708389] bus_remove_driver+0x11d/0x2f0<br /> [ 715.712489] pci_unregister_driver+0x26/0x250<br /> [ 71<br /> ---truncated---