2309858 – (CVE-2024-44995) CVE-2024-44995 kernel: net: hns3: fix a deadlock problem when config TC during resetting

Bug 2309858 (CVE-2024-44995) - CVE-2024-44995 kernel: net: hns3: fix a deadlock problem when config TC during resetting

Summary: CVE-2024-44995 kernel: net: hns3: fix a deadlock problem when config TC durin...

Keywords:
Status:	NEW
Alias:	CVE-2024-44995
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2309917
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-04 20:22 UTC by OSIDB Bzimport
Modified:	2024-09-16 11:51 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-04 20:22:23 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix a deadlock problem when config TC during resetting

When config TC during the reset process, may cause a deadlock, the flow is
as below:
                             pf reset start
                                 │
                                 ▼
                              ......
setup tc                         │
    │                            ▼
    ▼                      DOWN: napi_disable()
napi_disable()(skip)             │
    │                            │
    ▼                            ▼
  ......                      ......
    │                            │
    ▼                            │
napi_enable()                    │
                                 ▼
                           UINIT: netif_napi_del()
                                 │
                                 ▼
                              ......
                                 │
                                 ▼
                           INIT: netif_napi_add()
                                 │
                                 ▼
                              ......                 global reset start
                                 │                      │
                                 ▼                      ▼
                           UP: napi_enable()(skip)    ......
                                 │                      │
                                 ▼                      ▼
                              ......                 napi_disable()

In reset process, the driver will DOWN the port and then UINIT, in this
case, the setup tc process will UP the port before UINIT, so cause the
problem. Adds a DOWN process in UINIT to fix it.

Comment 1 Robb Gatica 2024-09-04 21:41:27 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.