CVE-2023-54287
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
30/12/2025
Last modified:
30/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

tty: serial: imx: disable Ageing Timer interrupt request irq

There may be a pending USR interrupt before requesting the irq, however
uart_add_one_port has not executed, so there will be a kernel panic:
[ 0.795668] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080
[ 0.802701] Mem abort info:
[ 0.805367] ESR = 0x0000000096000004
[ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.814033] SET = 0, FnV = 0
[ 0.816950] EA = 0, S1PTW = 0
[ 0.819950] FSC = 0x04: level 0 translation fault
[ 0.824617] Data abort info:
[ 0.827367] ISV = 0, ISS = 0x00000004
[ 0.831033] CM = 0, WnR = 0
[ 0.833866] [0000000000000080] user address but active_mm is swapper
[ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 0.845953] Modules linked in:
[ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1
[ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT)
[ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0
[ 0.872283] lr : imx_uart_int+0xf8/0x1ec

The issue only happens in the inmate linux when the Jailhouse hypervisor
is enabled. The test procedure is:
while true; do
    jailhouse enable imx8mp.cell
    jailhouse cell linux xxxx
    sleep 10
    jailhouse cell destroy 1
    jailhouse disable
    sleep 5
done

And during the above test, press keys on the 2nd linux console.
When `jailhouse cell destroy 1` runs, the 2nd linux has no chance to put
the uart into a quiescent state, so USR1/2 may have pending interrupts. Then
when `jailhouse cell linux xx` starts the 2nd linux again, the issue
triggers.

In order to disable irqs before requesting them, both UCR1 and UCR2 irqs
should be disabled, so fix that here: disable the Ageing Timer interrupt
in UCR2 as is done for UCR1.
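
The probe-time ordering problem described above, as an added user-space model that is not the kernel patch or driver code. The struct names, helper functions and register bit positions are assumptions of the model; `state == NULL` stands in for port state that uart_add_one_port has not yet set up.

```c
/* Added model, not kernel code. Bit positions below are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define UCR1_RRDYEN (1u << 9)  /* receiver-ready interrupt enable (assumed bit) */
#define UCR2_ATEN   (1u << 3)  /* Ageing Timer interrupt enable (assumed bit) */
#define USR1_RRDY   (1u << 9)  /* receiver-ready status flag (assumed bit) */
#define USR1_AGTIM  (1u << 8)  /* Ageing Timer status flag (assumed bit) */

struct uart_regs  { uint32_t ucr1, ucr2, usr1; };
struct port_state { int fifo_len; };  /* placeholder for state set up later */
struct model_port { struct uart_regs regs; struct port_state *state; };

/* True when an enabled source has its status flag set (IRQ line asserted). */
static bool irq_asserted(const struct uart_regs *r)
{
    return ((r->ucr1 & UCR1_RRDYEN) && (r->usr1 & USR1_RRDY)) ||
           ((r->ucr2 & UCR2_ATEN)   && (r->usr1 & USR1_AGTIM));
}

/* Masking before the fix: only the UCR1 enable is cleared. */
static void mask_before_fix(struct uart_regs *r) { r->ucr1 &= ~UCR1_RRDYEN; }

/* Masking after the fix: UCR1 plus the Ageing Timer enable in UCR2. */
static void mask_after_fix(struct uart_regs *r)
{
    r->ucr1 &= ~UCR1_RRDYEN;
    r->ucr2 &= ~UCR2_ATEN;
}

/* True if requesting the IRQ now would run the handler without port state. */
static bool handler_would_hit_null(const struct model_port *p)
{
    return irq_asserted(&p->regs) && p->state == NULL;
}

/* Constructed stale state: enables and flags left set, no port state yet. */
static struct model_port stale_port(void)
{
    struct model_port p = { { UCR1_RRDYEN, UCR2_ATEN, USR1_RRDY | USR1_AGTIM }, NULL };
    return p;
}

int main(void)
{
    struct model_port a = stale_port(), b = stale_port();
    mask_before_fix(&a.regs);
    mask_after_fix(&b.regs);
    return (handler_would_hit_null(&a) && !handler_would_hit_null(&b)) ? 0 : 1;
}
```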



