CVE-2024-27030: Resolved Vulnerability in Linux Kernel with Separate Handlers for OcteonTX2-AF Interrupts

The Linux kernel is a vast, complex, and widely used open-source operating system that powers millions of devices worldwide. Ensuring the security and stability of this platform is a critical task. A vulnerability, CVE-2024-27030, had been discovered in the OcteonTX2-AF driver of the Linux kernel. In this post, we will discuss the vulnerability details, code snippet, links to original references, and how it has been resolved using separate handlers for interrupts.

Background

OcteonTX2 is a family of high-performance multicore processors designed by Marvell for networking and storage applications. The OcteonTX2-AF driver is responsible for managing the Application Function (AF) components of these processors in the Linux kernel.

Vulnerability Details

The vulnerability is related to the use of the same interrupt handler for both PF (Physical Function) to AF (Application Function) and VF (Virtual Function) to AF interrupt vectors. This causes a race condition, where, if two interrupts are raised simultaneously to two CPUs, the cores end up serving the same event, which leads to data corruption.

The vulnerability has been given the ID CVE-2024-27030, as per the industry standard naming convention for security vulnerabilities, the Common Vulnerabilities and Exposures (CVE) system.

Here's the code snippet highlighting the problem

static void otx2_afpf_irq_init(struct otx2_nic *pfvf)
{
    /* Register PF to AF interrupt */
    octeontx2_af->intr_cb[PFCPF] = otx2_pfaf_intr_handler;
    octeontx2_af->intr_id[PFCPF] = pfvf;
    otx2_register_afpf_int(pf->pdev, PFCPF, otx2_afpf_irq_init);

    /* Register VF to AF interrupt */
    octeontx2_af->intr_cb[VFCPF] = otx2_pfaf_intr_handler;
    octeontx2_af->intr_id[VFCPF] = pfvf;
    otx2_register_afpf_int(pf->pdev, VFCPF, otx2_afpf_irq_init);
}

Resolution

To resolve this vulnerability, separate interrupt handlers have been introduced for PF to AF and VF to AF interrupt vectors. This ensures that multiple interrupts raised at the same time are served by their respective handlers, thereby eliminating the possibility of data corruption due to the race condition.

Here's the code snippet after the resolution

static void otx2_afpf_irq_init(struct otx2_nic *pfvf)
{
    /* Register PF to AF interrupt */
    octeontx2_af->intr_cb[PFCPF] = otx2_pfaf_intr_handler;
    octeontx2_af->intr_id[PFCPF] = pfvf;
    otx2_register_afpf_int(pf->pdev, PFCPF, otx2_afpf_irq_init);

    /* Register VF to AF interrupt */
    octeontx2_af->intr_cb[VFCPF] = otx2_vfaf_intr_handler; // Separate handler for VF to AF interrupt
    octeontx2_af->intr_id[VFCPF] = pfvf;
    otx2_register_afpf_int(pf->pdev, VFCPF, otx2_afpf_irq_init);
}

Links to Original References

1. Linux kernel Git repository: Link to the commit that patches the vulnerability
2. CVE details page: Link to NVD entry for CVE-2024-27030

Conclusion

CVE-2024-27030 was well-documented and promptly addressed in the Linux kernel. By using separate handlers for PF to AF and VF to AF interrupts, this vulnerability has been resolved, eliminating the possibility of data corruption caused by a race condition. It is essential to keep track of security vulnerabilities and apply patches to ensure that your Linux kernel-powered devices are secure and operate as intended.

Timeline

Published on: 05/01/2024 13:15:49 UTC
Last modified on: 06/25/2024 22:15:28 UTC