CVE-2022-48840: Linux Kernel iavf Hang during Reboot/Shutdown Fixed

In the Linux kernel, a vulnerability has been patched that previously caused the system to hang during the reboot or shutdown process. This vulnerability was introduced by commit 974578017fc1 ("iavf: Add waiting so the port is initialized in remove"), which added a wait-loop at the beginning of iavf_remove(). This article provides an overview of this bug's background and details on how it was fixed.

Background

The iavf driver serves as a Virtual Function (VF) driver for Intel(R) Ethernet Controller 700 Series Network Connections. A previous change to the iavf driver, related to waiting for port initialization in the iavf_remove() function, resulted in a deadlock during reboot or shutdown scenarios. The issue occurred as follows:

1. The iavf_shutdown() callback was called, detaching the device, bringing it down if it was running, and setting its state to __IAVF_REMOVE.

The associated PF driver's shutdown callback (e.g., ice_shutdown or i40e_shutdown) was then called.

3. This callback would call sriov_disable(), which would indirectly call iavf_remove() (as shown in the stack trace provided in the original content).

Due to the adapter state already being __IAVF_REMOVE and the wait-loop still running, this situation resulted in an endless loop, causing the shutdown process to hang.

Patch

The patch resolves this issue by checking the adapter's state at the beginning of the iavf_remove() function. If the adapter is already in the remove state, the rest of the function is skipped, and the shutdown proceeds smoothly.

Reboot the system, and observe the hang during the reboot process.

Fix:
To benefit from this fix and prevent iavf-related hangs during reboot and shutdown, users should ensure their Linux kernel is up-to-date and includes the patch that addresses CVE-2022-48840.

Conclusion

The Linux kernel vulnerability for Intel Ethernet Adapters that caused hangs during reboot and shutdown has been identified and resolved. Users should ensure they are using an up-to-date kernel version that includes the patch for CVE-2022-48840 to avoid experiencing this issue.

Original References

- Linux Kernel Patch
- Kernel Bug Report
- CVE-2022-48840

Timeline

Published on: 07/16/2024 13:15:11 UTC
Last modified on: 07/17/2024 20:37:49 UTC