gpio: Restrict usage of GPIO chip irq members before initialization

Bug #2007581 reported by Asmaa Mnebhi
Affects                   Status        Importance  Assigned to    Milestone
linux-bluefield (Ubuntu)  Invalid       Undecided   Unassigned
Focal                     Fix Released  Medium      Asmaa Mnebhi

Bug Description

SRU Justification:

[Impact]

GPIO chip irq members are exposed before they could be completely
initialized and this leads to race conditions.

One such issue was observed for the gc->irq.domain variable which
was accessed through the pwr-mlxbf.c driver in gpiochip_to_irq() before
it could be initialized by gpiochip_add_irqchip(). This resulted in
a kernel NULL pointer dereference. This is a well-known issue in the Linux community
and was fixed via 2 commits:
5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320
and
06fb4ecfeac7e00d6704fa5ed19299f2fefb3cc9 (since the previous commit caused a regression)

This race condition is intermittent and hard to reproduce.

[Fix]

* Cherry-pick: 5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320 to fix the bug at stake
* Cherry-pick: 06fb4ecfeac7e00d6704fa5ed19299f2fefb3cc9 to fix a regression introduced by the previous commit

[Test Case]

* Check that the gpio-mlxbf2.c driver is loaded with no kernel panic
* Check that all drivers dependent on the gpio-mlxbf2.c driver are loaded (mlxbf-gige and pwr-mlxbf)
* Do 5000 reboots to make sure this race condition no longer happens

[Regression Potential]

This could cause some regression with the use of gpio interrupts so it is important to test the dependent
drivers mlxbf-gige and pwr-mlxbf. Trigger power reset interrupt to test pwr-mlxbf and bring down/up the
oob_net0 interface to test mlxbf-gige.
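
The race described under [Impact], as an added userspace model in C (not kernel code and not the cherry-picked commits): a lookup that runs before setup finishes sees a NULL domain, while a guarded lookup defers until an "initialized" flag is published. All names ending in `_model` and the flag-based guard are assumptions made for illustration.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* The kernel's EPROBE_DEFER value; it is not part of userspace errno.h. */
#define EPROBE_DEFER_MODEL 517

struct irq_domain_model { int base; };

struct chip_model {
    struct irq_domain_model *domain; /* NULL until setup has finished */
    atomic_bool initialized;         /* published last, after domain is set */
};

/* Unguarded lookup: uses domain whatever the setup state is. The NULL test
 * stands in for the crash so that the model can report it instead of dying. */
int to_irq_unguarded(struct chip_model *c, unsigned offset)
{
    if (c->domain == NULL)
        return -EFAULT; /* the kernel would dereference NULL here */
    return c->domain->base + (int)offset;
}

/* Guarded lookup: refuses to touch irq members until setup has published
 * the flag, and asks the caller to retry later. */
int to_irq_guarded(struct chip_model *c, unsigned offset)
{
    if (!atomic_load_explicit(&c->initialized, memory_order_acquire))
        return -EPROBE_DEFER_MODEL;
    return c->domain->base + (int)offset;
}

/* Setup path: fill in the members first, then publish with release ordering
 * so a reader that sees initialized == true also sees the domain pointer. */
void add_irqchip_model(struct chip_model *c, struct irq_domain_model *d)
{
    c->domain = d;
    atomic_store_explicit(&c->initialized, true, memory_order_release);
}

int main(void)
{
    static struct irq_domain_model d = { 32 }; /* constructed sample domain */
    struct chip_model c = { 0 };
    printf("early, unguarded: %d\n", to_irq_unguarded(&c, 3));
    printf("early, guarded:   %d\n", to_irq_guarded(&c, 3));
    add_irqchip_model(&c, &d);
    printf("after setup:      %d\n", to_irq_guarded(&c, 3));
    return 0;
}
```

A consumer that receives the deferral value retries its probe later instead of crashing, which is why the dependent drivers need retesting after such a change.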

Stefan Bader (smb)
Changed in linux-bluefield (Ubuntu Focal):
assignee: nobody → Asmaa Mnebhi (asmaam)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-bluefield (Ubuntu):
status: New → Invalid
Changed in linux-bluefield (Ubuntu Focal):
status: In Progress → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-bluefield/5.4.0-1060.66 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-bluefield verification-needed-focal
Meriton Tuli (meritont)
tags: added: verification-done-focal
removed: verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-bluefield - 5.4.0-1060.66

---------------
linux-bluefield (5.4.0-1060.66) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1060.66 -proposed tracker (LP: #2008364)

  * gpio: Restrict usage of GPIO chip irq members before initialization
    (LP: #2007581)
    - gpio: Restrict usage of GPIO chip irq members before initialization
    - gpio: Request interrupts after IRQ is initialized

  * netfilter: flowtable: add counter support in HW offload (LP: #2008136)
    - netfilter: conntrack: add nf_ct_acct_add()
    - netfilter: flowtable: add counter support in HW offload

  [ Ubuntu: 5.4.0-145.162 ]

  * focal/linux: 5.4.0-145.162 -proposed tracker (LP: #2008389)
  * [SRU]Update ice driver to support E823 devices (LP: #1986717)
    - ice: Add device ids for E822 devices
    - ice: add support for E823 devices
  * btrfs/154: rename fails with EOVERFLOW when calculating item size during
    item key collision (LP: #2004132)
    - btrfs: correctly calculate item size used when item key collision happens
  * rtcpie in timers from ubuntu_kernel_selftests randomly failing
    (LP: #1814234)
    - SAUCE: selftest: rtcpie: Force passing unreliable subtest
  * [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under
    PV - kernel part (LP: #1999882)
    - KVM: s390x: fix SCK locking
    - KVM: s390: pv: don't allow userspace to set the clock under PV
  * CVE-2021-3669
    - ipc: replace costly bailout check in sysvipc_find_ipc()
  * net:fcnal-test.sh 'nettest' command not found on F/K (LP: #2006391)
    - selftests/net: Find nettest in current directory
  * xfs: Preallocated ioend transactions cause deadlock due to log buffer
    exhaustion (LP: #2007219)
    - xfs: drop submit side trans alloc for append ioends
  * CVE-2022-4382
    - USB: gadgetfs: Fix race between mounting and unmounting
  * CVE-2022-2196
    - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
  * ubuntu_kernel_selftests: net:udpgso_bench.sh failed (LP: #1951447)
    - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
  * net:fcnal-test.sh didn't return a non-zero value even with some sub-tests
    failed (LP: #2006692)
    - selftests: net/fcnal-test.sh: add exit code
  * Fix selftests/ftracetests/Meta-selftests in Focal (LP: #2006453)
    - SAUCE: Fix ftrace/Meta-selftests bashism check
  * CVE-2023-23559
    - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

 -- Bartlomiej Zolnierkiewicz <email address hidden> Fri, 10 Mar 2023 18:15:33 +0100

Changed in linux-bluefield (Ubuntu Focal):
status: Fix Committed → Fix Released