CVE-2024-50040

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> igb: Do not bring the device up after non-fatal error<br /> <br /> Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal")<br /> changed igb_io_error_detected() to ignore non-fatal pcie errors in order<br /> to avoid hung task that can happen when igb_down() is called multiple<br /> times. This caused an issue when processing transient non-fatal errors.<br /> igb_io_resume(), which is called after igb_io_error_detected(), assumes<br /> that device is brought down by igb_io_error_detected() if the interface<br /> is up. This resulted in panic with stacktrace below.<br /> <br /> [ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down<br /> [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0<br /> [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)<br /> [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000<br /> [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000<br /> [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message<br /> [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.<br /> [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message<br /> [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message<br /> [ T292] ------------[ cut here ]------------<br /> [ T292] kernel BUG at net/core/dev.c:6539!<br /> [ T292] invalid opcode: 0000 [#1] PREEMPT SMP<br /> [ T292] RIP: 0010:napi_enable+0x37/0x40<br /> [ T292] Call Trace:<br /> [ T292] <br /> [ T292] ? die+0x33/0x90<br /> [ T292] ? do_trap+0xdc/0x110<br /> [ T292] ? napi_enable+0x37/0x40<br /> [ T292] ? do_error_trap+0x70/0xb0<br /> [ T292] ? napi_enable+0x37/0x40<br /> [ T292] ? napi_enable+0x37/0x40<br /> [ T292] ? exc_invalid_op+0x4e/0x70<br /> [ T292] ? napi_enable+0x37/0x40<br /> [ T292] ? asm_exc_invalid_op+0x16/0x20<br /> [ T292] ? napi_enable+0x37/0x40<br /> [ T292] igb_up+0x41/0x150<br /> [ T292] igb_io_resume+0x25/0x70<br /> [ T292] report_resume+0x54/0x70<br /> [ T292] ? report_frozen_detected+0x20/0x20<br /> [ T292] pci_walk_bus+0x6c/0x90<br /> [ T292] ? aer_print_port_info+0xa0/0xa0<br /> [ T292] pcie_do_recovery+0x22f/0x380<br /> [ T292] aer_process_err_devices+0x110/0x160<br /> [ T292] aer_isr+0x1c1/0x1e0<br /> [ T292] ? disable_irq_nosync+0x10/0x10<br /> [ T292] irq_thread_fn+0x1a/0x60<br /> [ T292] irq_thread+0xe3/0x1a0<br /> [ T292] ? irq_set_affinity_notifier+0x120/0x120<br /> [ T292] ? irq_affinity_notify+0x100/0x100<br /> [ T292] kthread+0xe2/0x110<br /> [ T292] ? kthread_complete_and_exit+0x20/0x20<br /> [ T292] ret_from_fork+0x2d/0x50<br /> [ T292] ? kthread_complete_and_exit+0x20/0x20<br /> [ T292] ret_from_fork_asm+0x11/0x20<br /> [ T292] <br /> <br /> To fix this issue igb_io_resume() checks if the interface is running and<br /> the device is not down this means igb_io_error_detected() did not bring<br /> the device down and there is no need to bring it up.