CVE-2021-46939

CVE Details

Release Date:2024-02-27

Description


In the Linux kernel, the following vulnerability has been resolved:\ntracing: Restructure trace_clock_global() to never block\nIt was reported that a fix to the ring buffer recursion detection would\ncause a hung machine when performing suspend / resume testing. The\nfollowing backtrace was extracted from debugging that case:\nCall Trace:\ntrace_clock_global+0x91/0xa0\n__rb_reserve_next+0x237/0x460\nring_buffer_lock_reserve+0x12a/0x3f0\ntrace_buffer_lock_reserve+0x10/0x50\n__trace_graph_return+0x1f/0x80\ntrace_graph_return+0xb7/0xf0\n? trace_clock_global+0x91/0xa0\nftrace_return_to_handler+0x8b/0xf0\n? pv_hash+0xa0/0xa0\nreturn_to_handler+0x15/0x30\n? ftrace_graph_caller+0xa0/0xa0\n? trace_clock_global+0x91/0xa0\n? __rb_reserve_next+0x237/0x460\n? ring_buffer_lock_reserve+0x12a/0x3f0\n? trace_event_buffer_lock_reserve+0x3c/0x120\n? trace_event_buffer_reserve+0x6b/0xc0\n? trace_event_raw_event_device_pm_callback_start+0x125/0x2d0\n? dpm_run_callback+0x3b/0xc0\n? pm_ops_is_empty+0x50/0x50\n? platform_get_irq_byname_optional+0x90/0x90\n? trace_device_pm_callback_start+0x82/0xd0\n? dpm_run_callback+0x49/0xc0\nWith the following RIP:\nRIP: 0010:native_queued_spin_lock_slowpath+0x69/0x200\nSince the fix to the recursion detection would allow a single recursion to\nhappen while tracing, this lead to the trace_clock_global() taking a spin\nlock and then trying to take it again:\nring_buffer_lock_reserve() {\ntrace_clock_global() {\narch_spin_lock() {\nqueued_spin_lock_slowpath() {\n/* lock taken */\n(something else gets traced by function graph tracer)\nring_buffer_lock_reserve() {\ntrace_clock_global() {\narch_spin_lock() {\nqueued_spin_lock_slowpath() {\n/* DEAD LOCK! */\nTracing should *never* block, as it can lead to strange lockups like the\nabove.\nRestructure the trace_clock_global() code to instead of simply taking a\nlock to update the recorded 'prev_time' simply use it, as two events\nhappening on two different CPUs that calls this at the same time, really\ndoesn't matter which one goes first. Use a trylock to grab the lock for\nupdating the prev_time, and if it fails, simply try again the next time.\nIf it failed to be taken, that means something else is already updating\nit.\nBugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212761

See more information about CVE-2021-46939 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (kernel-uek)ELSA-2024-126062024-09-02
Oracle Linux version 7 (kernel-uek)ELSA-2024-126062024-09-02
Oracle Linux version 8 (kernel)ELSA-2024-51012024-08-08
Oracle VM version 3 (kernel-uek)OVMSA-2024-00112024-09-03


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete