Showing 1 - 1 of 1

CVE-2021-46939

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted from debugging that case: Call Trace: trace_clock_global+0x91/0xa0 __rb_reserve_next+0x237/0x460 ring_buffer_lock_reserve+0x12a/0x3f0 trace_buffer_lock_reserve+0x10/0x50 __trace_graph_return+0x1f/0x80 trace_graph_return+0xb7/0xf0 ? trace_clock_global+0x91/0xa0 ftrace_return_to_handler+0x8b/0xf0 ? pv_hash+0xa0/0xa0 return_to_handler+0x15/0x30 ? ftrace_graph_caller+0xa0/0xa0 ? trace_clock_global+0x91/0xa0 ? __rb_reserve_next+0x237/0x460 ? ring_buffer_lock_reserve+0x12a/0x3f0 ? trace_event_buffer_lock_reserve+0x3c/0x120 ? trace_event_buffer_reserve+0x6b/0xc0 ? trace_event_raw_event_device_pm_callback_start+0x125/0x2d0 ? dpm_run_callback+0x3b/0xc0 ? pm_ops_is_empty+0x50/0x50 ? platform_get_irq_byname_optional+0x90/0x90 ? trace_device_pm_callback_start+0x82/0xd0 ? dpm_run_callback+0x49/0xc0 With the following RIP: RIP: 0010:native_queued_spin_lock_slowpath+0x69/0x200 Since the fix to the recursion detection would allow a single recursion to happen while tracing, this lead to the trace_clock_global() taking a spin lock and then trying to take it again: ring_buffer_lock_reserve() { trace_clock_global() { arch_spin_lock() { queued_spin_lock_slowpath() { /* lock taken */ (something else gets traced by function graph tracer) ring_buffer_lock_reserve() { trace_clock_global() { arch_spin_lock() { queued_spin_lock_slowpath() { /* DEAD LOCK! */ Tracing should *never* block, as it can lead to strange lockups like the above. Restructure the trace_clock_global() code to instead of simply taking a lock to update the recorded "prev_time" simply use it, as two events happening on two different CPUs that calls this at the same time, really doesn't matter which one goes first. Use a trylock to grab the lock for updating the prev_time, and if it fails, simply try again the next time. If it failed to be taken, that means something else is already updating it. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212761

Related Files

Ubuntu Security Notice USN-6778-1: Posted May 17, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6778-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, denial of service, kernel; systems | linux, ubuntu; advisories | CVE-2021-46939, CVE-2023-47233, CVE-2023-52524, CVE-2023-52566, CVE-2023-52602, CVE-2024-26614, CVE-2024-26801; SHA-256 | 5a2b8f3e7c01bf9c18ee07e2832ea0ee3f8ecf967fad1e117b272bd91c9ddf00; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 80 files
Debian 19 files
Ahmet Umit Bayram 8 files
Amit Roy 4 files
Jann Horn 4 files
Google Security Research 4 files
tmrswrr 4 files
Furkan Eren Tetik 4 files
h00die 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,061)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,018)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,064)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,580)
UNIX (9,417)
UnixWare (187)
Windows (6,662)
Other

CVE-2021-46939

Overview

Related Files

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems