CVE-2021-47019 - mt76: mt7921: Fixing Possible Invalid Register Access in the Linux Kernel

In the Linux kernel, a bug that could lead to an invalid register access has been resolved. It affected the mt7921 driver, part of the mt76 driver family for MediaTek wireless interfaces, on PCIe devices (the mt7921e module). During system suspend, a device interrupt could still schedule the driver's irq tasklet after the PCIe host controller had been put to sleep; when the tasklet then ran and read a device register through mt76_mmio_rr(), the access hit a suspended bus and the kernel crashed. The fix disables the device interrupt, synchronizes with any pending irq handlers, and makes sure the irq tasklet cannot be scheduled after suspend, so the driver never attempts a register access while the host PCIe controller is suspended.

The kernel log from the commit message is reproduced below. The PCIe host controller (mtk-pcie) has already completed its suspend callback, and the driver's irq tasklet then runs in softirq context and reads a device register through mt76_mmio_rr():

[17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs
[17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 18565, parent: pci0000:00
[17932.910602] pcieport 0000:00:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 8 usecs
[17932.910671] mtk-pcie 11230000.pcie: calling platform_pm_suspend+0x0/0x60 @ 22783, parent: soc
[17932.910674] mtk-pcie 11230000.pcie: platform_pm_suspend+0x0/0x60 returned 0 after 0 usecs

...

[17933.615352] x1 : 00000000000d4200 x0 : ffffff8269ca2300
[17933.620666] Call trace:
[17933.623127]  mt76_mmio_rr+0x28/0xf0 [mt76]
[17933.627234]  mt7921_rr+0x38/0x44 [mt7921e]
[17933.631339]  mt7921_irq_tasklet+0x54/0x1d8 [mt7921e]
[17933.636309]  tasklet_action_common+0x12c/0x16c
[17933.640754]  tasklet_action+0x24/0x2c
[17933.644418]  __do_softirq+0x16c/0x344
[17933.648082]  irq_exit+0xa8/0xac
[17933.651224]  scheduler_ipi+0xd4/0x148
[17933.654890]  handle_IPI+0x164/0x2d4
[17933.658379]  gic_handle_irq+0x140/0x178
[17933.662216]  el1_irq+0xb8/0x180
[17933.665361]  cpuidle_enter_state+0xf8/0x204
[17933.669544]  cpuidle_enter+0x38/0x4c
[17933.673122]  do_idle+0x1a4/0x2a8
[17933.676352]  cpu_startup_entry+0x24/0x28
[17933.680276]  rest_init+0xd4/0xe0
[17933.683508]  arch_call_rest_init+0x10/0x18
[17933.687606]  start_kernel+0x340/0x3b4
[17933.691279] Code: aa0003f5 d503201f f953eaa8 8b344108 (b9400113)
[17933.697373] ---[ end trace a24b8e26ffbda3c5 ]---
[17933.767846] Kernel panic - not syncing: Fatal exception in interrupt

The change in the driver's suspend path is summarized by the one-liner below. Note that it is a paraphrase rather than the literal kernel source: in the actual patch the device interrupt is disabled, pending interrupt handlers are synchronized, and the irq tasklet is stopped before the PCIe host controller suspends, so nothing can touch device registers afterwards. The exact calls are in the linked source and patch.

    disable_interrupt_and_synchronize(&dev->irq_tasklet);

- Linux kernel source code
- Patchwork patch
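The ordering the fix establishes, shown as an added illustration that is not part of this page or of the kernel source: a user-space C model in which the hardware is reduced to a few flags (all names such as pcie_bus, wifi_dev, suspend_buggy and suspend_fixed are hypothetical). suspend_buggy() suspends the bus while an interrupt has left the tasklet pending, so the tasklet's register read lands on a suspended bus, which on real hardware is the fault in the trace above. suspend_fixed() masks the interrupt, drains the bottom-half work that is already queued while the bus is still up, kills the tasklet, and only then suspends the bus, so no register access can happen afterwards.

```c
/* Added example, not kernel code: a user-space model of the suspend-ordering
 * race behind CVE-2021-47019. All names below are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the PCIe host controller: MMIO is only valid while it is not suspended. */
struct pcie_bus {
    bool suspended;
    uint32_t regs[4];
};

/* Model of the driver state that matters for the race. */
struct wifi_dev {
    struct pcie_bus *bus;
    bool irq_enabled;      /* device interrupt unmasked */
    bool tasklet_pending;  /* bottom half queued by the hard-irq handler */
    bool tasklet_killed;   /* tasklet_kill() done: it can never be scheduled again */
    int bad_accesses;      /* register accesses made while the bus was suspended */
};

/* Hard interrupt handler: an unmasked irq schedules the tasklet (bottom half). */
static void hw_irq(struct wifi_dev *dev)
{
    if (dev->irq_enabled && !dev->tasklet_killed)
        dev->tasklet_pending = true;
}

/* Register read in the role of mt76_mmio_rr(): on real hardware a read on a
 * suspended PCIe bus faults; here it is counted and reported as an error. */
static int mmio_rr(struct wifi_dev *dev, unsigned int reg, uint32_t *val)
{
    if (dev->bus->suspended) {
        dev->bad_accesses++;
        return -1;
    }
    *val = dev->bus->regs[reg];
    return 0;
}

/* Bottom half in the role of mt7921_irq_tasklet(): reads an interrupt status register. */
static void irq_tasklet(struct wifi_dev *dev)
{
    uint32_t status = 0;

    if (!dev->tasklet_pending || dev->tasklet_killed)
        return;
    dev->tasklet_pending = false;
    (void)mmio_rr(dev, 0, &status);
}

/* Stands in for the softirq pass that runs queued tasklets (tasklet_action). */
static void run_softirqs(struct wifi_dev *dev)
{
    irq_tasklet(dev);
}

/* Buggy order: the bus is suspended while a just-fired interrupt has left the
 * tasklet pending; the softirq pass then reads a register on a dead bus. */
static int suspend_buggy(struct wifi_dev *dev)
{
    hw_irq(dev);                 /* interrupt arrives during suspend */
    dev->bus->suspended = true;  /* host controller suspends */
    run_softirqs(dev);           /* pending tasklet now runs: invalid access */
    return dev->bad_accesses;
}

/* Fixed order: mask the interrupt, let already-queued bottom-half work finish
 * while the bus is still up, kill the tasklet, and only then suspend the bus. */
static int suspend_fixed(struct wifi_dev *dev)
{
    hw_irq(dev);                 /* same late interrupt as above */
    dev->irq_enabled = false;    /* disable the device interrupt */
    run_softirqs(dev);           /* synchronize: drain what is already queued */
    dev->tasklet_killed = true;  /* tasklet_kill(): nothing can queue it again */
    hw_irq(dev);                 /* an even later interrupt is now harmless */
    dev->bus->suspended = true;  /* safe to suspend the host controller */
    run_softirqs(dev);           /* nothing pending, no register access */
    return dev->bad_accesses;
}

/* Build a fresh device for each scenario and return the bad-access count. */
static int demo_buggy(void)
{
    struct pcie_bus bus = { .suspended = false, .regs = { 0x1 } };
    struct wifi_dev dev = { .bus = &bus, .irq_enabled = true };
    return suspend_buggy(&dev);
}

static int demo_fixed(void)
{
    struct pcie_bus bus = { .suspended = false, .regs = { 0x1 } };
    struct wifi_dev dev = { .bus = &bus, .irq_enabled = true };
    return suspend_fixed(&dev);
}

int main(void)
{
    printf("buggy order: %d invalid register access(es)\n", demo_buggy());
    printf("fixed order: %d invalid register access(es)\n", demo_fixed());
    return 0;
}
```

The model is single-threaded, so "synchronize" is just running the queued work before suspending. In the kernel the same steps are the primitives synchronize_irq(), which waits for handlers still running on other CPUs, and tasklet_kill(), which waits for a running tasklet and prevents it from being rescheduled; the point of the fix is that both happen, and the interrupt is masked, before the bus goes down.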

The impact shown in the trace is a kernel panic ("Fatal exception in interrupt") during system suspend, so an unpatched kernel on affected hardware can crash when the machine suspends with the driver loaded. Users and developers of devices that use this driver should update to a kernel release that includes the fix and keep up with subsequent stable releases.

Timeline

Published on: 02/28/2024 09:15:39 UTC
Last modified on: 05/29/2024 05:00:38 UTC