CVE-2024-50234

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: iwlegacy: Clear stale interrupts before resuming device<br /> <br /> iwl4965 fails upon resume from hibernation on my laptop. The reason<br /> seems to be a stale interrupt which isn&amp;#39;t being cleared out before<br /> interrupts are enabled. We end up with a race beween the resume<br /> trying to bring things back up, and the restart work (queued form<br /> the interrupt handler) trying to bring things down. Eventually<br /> the whole thing blows up.<br /> <br /> Fix the problem by clearing out any stale interrupts before<br /> interrupts get enabled during resume.<br /> <br /> Here&amp;#39;s a debug log of the indicent:<br /> [ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000<br /> [ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000<br /> [ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.<br /> [ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload<br /> [ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282<br /> [ 12.052207] ieee80211 phy0: il4965_mac_start enter<br /> [ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff<br /> [ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready<br /> [ 12.052324] ieee80211 phy0: il_apm_init Init card&amp;#39;s basic functions<br /> [ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S<br /> [ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm<br /> [ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm<br /> [ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK<br /> [ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations<br /> [ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up<br /> [ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done.<br /> [ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down<br /> [ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout<br /> [ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort<br /> [ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver<br /> [ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared<br /> [ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state<br /> [ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master<br /> [ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.<br /> [ 12.058869] ieee80211 phy0: Hardware restart was requested<br /> [ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.<br /> [ 16.132303] ------------[ cut here ]------------<br /> [ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.<br /> [ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]<br /> [ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev<br /> [ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143<br /> [ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010<br /> [ 16.132463] Workqueue: async async_run_entry_fn<br /> [ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]<br /> [ 16.132501] Code: da 02 00 0<br /> ---truncated---