Release Date: | 2024-05-20 |
In the Linux kernel, the following vulnerability has been resolved:

ice: fix LAG and VF lock dependency in ice_reset_vf()

Since commit 9f74a3dfcf83 ('ice: Fix VF Reset paths when interface in a failed over aggregate'), the ice driver has acquired the LAG mutex in ice_reset_vf(). The commit placed this lock acquisition just prior to the acquisition of the VF configuration lock.

If ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK flag, this could deadlock with ice_vc_cfg_qs_msg() because it always acquires the locks in the order of the VF configuration lock and then the LAG mutex.

Lockdep reports this violation almost immediately on creating and then removing 2 VF:

======================================================
WARNING: possible circular locking dependency detected
6.8.0-rc6 #54 Tainted: G W O
------------------------------------------------------
kworker/60:3/6771 is trying to acquire lock:
ff40d43e099380a0 (&vf->cfg_lock){+.+.}-{3:3}, at: ice_reset_vf+0x22f/0x4d0 [ice]
but task is already holding lock:
ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&pf->lag_mutex){+.+.}-{3:3}:
__lock_acquire+0x4f8/0xb40
lock_acquire+0xd4/0x2d0
__mutex_lock+0x9b/0xbf0
ice_vc_cfg_qs_msg+0x45/0x690 [ice]
ice_vc_process_vf_msg+0x4f5/0x870 [ice]
__ice_clean_ctrlq+0x2b5/0x600 [ice]
ice_service_task+0x2c9/0x480 [ice]
process_one_work+0x1e9/0x4d0
worker_thread+0x1e1/0x3d0
kthread+0x104/0x140
ret_from_fork+0x31/0x50
ret_from_fork_asm+0x1b/0x30
-> #0 (&vf->cfg_lock){+.+.}-{3:3}:
check_prev_add+0xe2/0xc50
validate_chain+0x558/0x800
__lock_acquire+0x4f8/0xb40
lock_acquire+0xd4/0x2d0
__mutex_lock+0x9b/0xbf0
ice_reset_vf+0x22f/0x4d0 [ice]
ice_process_vflr_event+0x98/0xd0 [ice]
ice_service_task+0x1cc/0x480 [ice]
process_one_work+0x1e9/0x4d0
worker_thread+0x1e1/0x3d0
kthread+0x104/0x140
ret_from_fork+0x31/0x50
ret_from_fork_asm+0x1b/0x30
other info that might help us debug this:
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&pf->lag_mutex);
                               lock(&vf->cfg_lock);
                               lock(&pf->lag_mutex);
  lock(&vf->cfg_lock);
*** DEADLOCK ***
4 locks held by kworker/60:3/6771:
#0: ff40d43e05428b38 ((wq_completion)ice){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0
#1: ff50d06e05197e58 ((work_completion)(&pf->serv_task)){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0
#2: ff40d43ea1960e50 (&pf->vfs.table_lock){+.+.}-{3:3}, at: ice_process_vflr_event+0x48/0xd0 [ice]
#3: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]
stack backtrace:
CPU: 60 PID: 6771 Comm: kworker/60:3 Tainted: G W O 6.8.0-rc6 #54
Hardware name:
Workqueue: ice ice_service_task [ice]
Call Trace:
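The lock-order inversion described above can be reproduced in a small user-space model. The following is an added example, not code from the ice driver or from the fix: it records "taken while held" dependencies between the two lock classes, as lockdep does, and flags the acquisition that closes a cycle. The type and function names and the `reset_vf_consistent` ordering are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum lock_class { VF_CFG_LOCK, PF_LAG_MUTEX, NR_CLASSES };

struct validator {
    int dep[NR_CLASSES][NR_CLASSES]; /* dep[a][b]: b was taken while a was held */
    int held[NR_CLASSES];
};

/* Is class `to` reachable from `from` through recorded dependencies? */
static int reachable(const struct validator *v, int from, int to, int depth)
{
    if (from == to) return 1;
    if (depth >= NR_CLASSES) return 0;           /* bound the walk on cyclic graphs */
    for (int n = 0; n < NR_CLASSES; n++)
        if (v->dep[from][n] && reachable(v, n, to, depth + 1)) return 1;
    return 0;
}

/* Take class c; return 1 if a held lock already depends on c (circular order). */
static int acquire(struct validator *v, int c)
{
    int bad = 0;
    for (int h = 0; h < NR_CLASSES; h++)
        if (v->held[h] && reachable(v, c, h, 0)) bad = 1;
    for (int h = 0; h < NR_CLASSES; h++)
        if (v->held[h]) v->dep[h][c] = 1;        /* remember the order just used */
    v->held[c] = 1;
    return bad;
}

/* Replay two code paths one after the other; each takes two locks in order. */
static int replay(const int first[2], const int second[2])
{
    struct validator v;
    const int *paths[2] = { first, second };
    int bad = 0;
    memset(&v, 0, sizeof(v));
    for (int p = 0; p < 2; p++) {
        bad += acquire(&v, paths[p][0]);
        bad += acquire(&v, paths[p][1]);
        v.held[paths[p][1]] = v.held[paths[p][0]] = 0;   /* release both */
    }
    return bad;
}

/* Order the description gives for ice_vc_cfg_qs_msg(). */
static const int cfg_qs_msg[2] = { VF_CFG_LOCK, PF_LAG_MUTEX };
/* Order the lockdep report shows inside ice_reset_vf(). */
static const int reset_vf_reported[2] = { PF_LAG_MUTEX, VF_CFG_LOCK };
/* Assumption for illustration: the same order as ice_vc_cfg_qs_msg(). */
static const int reset_vf_consistent[2] = { VF_CFG_LOCK, PF_LAG_MUTEX };

int main(void)
{
    printf("reported order: %d violation(s)\n", replay(cfg_qs_msg, reset_vf_reported));
    printf("consistent order: %d violation(s)\n", replay(cfg_qs_msg, reset_vf_consistent));
    return 0;
}
```

As with lockdep, the violation is flagged from the recorded ordering alone; the two paths never have to race for it to be detected.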
See more information about CVE-2024-36003 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 9 (kernel) | ELSA-2024-5928 | 2024-08-28 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: