Bug 2265656 (CVE-2024-26587) - CVE-2024-26587 kernel: netdevsim: don't try to destroy PHC on VFs [NEEDINFO]
Summary: CVE-2024-26587 kernel: netdevsim: don't try to destroy PHC on VFs
Keywords:
Status: NEW
Alias: CVE-2024-26587
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2265667
Blocks: 2265643
Reported: 2024-02-23 13:51 UTC by Patrick Del Bello
Modified: 2024-02-28 16:15 UTC

Fixed In Version: kernel 6.8-rc1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:
allarkin: needinfo? (kzhang)


Description Patrick Del Bello 2024-02-23 13:51:07 UTC
net: netdevsim: don't try to destroy PHC on VFs

PHC gets initialized in nsim_init_netdevsim(), which
is only called if (nsim_dev_port_is_pf()).

Create a counterpart of nsim_init_netdevsim() and
move the mock_phc_destroy() there.

This fixes a crash trying to destroy netdevsim with
VFs instantiated, as caught by running the devlink.sh test:

    BUG: kernel NULL pointer dereference, address: 00000000000000b8
    RIP: 0010:mock_phc_destroy+0xd/0x30
    Call Trace:
     <TASK>
     nsim_destroy+0x4a/0x70 [netdevsim]
     __nsim_dev_port_del+0x47/0x70 [netdevsim]
     nsim_dev_reload_destroy+0x105/0x120 [netdevsim]
     nsim_drv_remove+0x2f/0xb0 [netdevsim]
     device_release_driver_internal+0x1a1/0x210
     bus_remove_device+0xd5/0x120
     device_del+0x159/0x490
     device_unregister+0x12/0x30
     del_device_store+0x11a/0x1a0 [netdevsim]
     kernfs_fop_write_iter+0x130/0x1d0
     vfs_write+0x30b/0x4b0
     ksys_write+0x69/0xf0
     do_syscall_64+0xcc/0x1e0
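
A simplified userspace model of the init/teardown asymmetry the commit message describes, added here as an illustration; it is not the kernel's netdevsim code. The structs and every `model_*` name are hypothetical stand-ins: PHC state is created only for PF ports, and its teardown sits in a PF-only counterpart instead of the common destroy path.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Hypothetical stand-ins for the driver's objects; this is not kernel code. */
struct model_phc { int clock_id; };
struct model_port {
    bool is_pf;            /* physical function (PF) or virtual function (VF) */
    struct model_phc *phc; /* stays NULL on a VF: never initialized there */
};
static int live_phcs;      /* PHCs currently allocated */

/* Writes through its argument unchecked, so a NULL pointer would fault. */
static void model_phc_destroy(struct model_phc *phc) {
    phc->clock_id = 0;
    live_phcs--;
    free(phc);
}

/* PF-only setup: the only place a PHC is created. */
static int model_init_pf(struct model_port *p) {
    p->phc = calloc(1, sizeof(*p->phc));
    if (!p->phc) return -1;
    p->phc->clock_id = ++live_phcs;
    return 0;
}

/* PF-only counterpart of model_init_pf(): PHC teardown lives here. */
static void model_exit_pf(struct model_port *p) {
    model_phc_destroy(p->phc);
    p->phc = NULL;
}
int model_port_create(struct model_port *p, bool is_pf) {
    p->is_pf = is_pf;
    p->phc = NULL;
    return is_pf ? model_init_pf(p) : 0;
}

/* Common destroy path. The pre-fix shape called model_phc_destroy(p->phc)
 * here for every port; on a VF that is a NULL dereference. */
void model_port_destroy(struct model_port *p) {
    if (p->is_pf)
        model_exit_pf(p);
}
int model_live_phcs(void) { return live_phcs; }

int main(void) {
    struct model_port vf;
    model_port_create(&vf, false);
    model_port_destroy(&vf);  /* safe: no PHC teardown runs for a VF */
    return model_live_phcs();
}
```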

Comment 1 Patrick Del Bello 2024-02-23 14:39:23 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265667]

Comment 3 Justin M. Forbes 2024-02-27 00:29:57 UTC
	Issue introduced in 6.6 with commit b63e78fca889 and fixed in 6.6.14 with commit 08aca65997fb
	Issue introduced in 6.6 with commit b63e78fca889 and fixed in 6.7.2 with commit c5068e442eed
	Issue introduced in 6.6 with commit b63e78fca889 and fixed in 6.8-rc1 with commit ea937f772083

Comment 4 Justin M. Forbes 2024-02-27 00:30:29 UTC
This was fixed for Fedora with the 6.6.14 stable kernel updates.
