A vulnerability in the Linux kernel's SCSI "qla2xxx" driver has been discovered and resolved: the driver allocated too few IRQ vectors, which led to crashes. The vulnerability has been assigned the CVE identifier CVE-2021-46964.

An earlier change, commit a6dcfe08487e ("scsi: qla2xxx: Limit interrupt vectors to the number of CPUs"), lowers the number of allocated MSI-X vectors to match the number of CPUs. However, this broke the vector-allocation assumptions in qla83xx_iospace_config(), qla24xx_enable_msix(), and qla2x00_iospace_config(). Each of these functions computes the maximum number of queue pairs incorrectly, which leads to crashes when the driver tries to find a queue pair in the queue_pair_map.

The crash happens in the following code snippet:

  if (ha->mqenable) {
          uint32_t tag;
          uint16_t hwq;
          struct qla_qpair *qpair = NULL;

          tag = blk_mq_unique_tag(cmd->request);
          hwq = blk_mq_unique_tag_to_hwq(tag);
          qpair = ha->queue_pair_map[hwq]; // Crash happens here

          if (qpair)
                  return qla2xxx_mqueuecommand(host, cmd, qpair);
  }

The bug causes a kernel NULL pointer dereference which may lead to more serious issues and impact the stability and security of the system.

To resolve the issue, the driver needs to allocate enough IRQ vectors to provide every CPU its own hardware queue while also handling the reserved (MB, RSP, ATIO) interrupts. The fix prevents unbalanced queue pair allocation, where the number of hardware queues is two less than the number of CPUs, and stops the crash on dual-core virtual machines.
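The vector budgeting described above, as an added example that is not the qla2xxx driver's code: a simplified user-space model that compares a request capped at the CPU count with one sized as CPUs plus reserved interrupts, and guards the map lookup. All names, the reserved counts as modelled here, and the hardware limit of 32 vectors are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model with hypothetical names; not qla2xxx driver code. */
#define RESERVED_INITIATOR 2u /* MB + default RSP vectors */
#define RESERVED_TARGET    3u /* MB + RSP + ATIO vectors */

struct model_hba {
    unsigned max_qpairs;      /* vectors left once the reserved ones are taken */
    int *queue_pair_map;      /* one slot per queue pair; NULL if there are none */
};

static unsigned min_u(unsigned a, unsigned b) { return a < b ? a : b; }

/* Request capped at the CPU count: reserved vectors eat into the per-CPU ones. */
unsigned vectors_capped(unsigned hw_max, unsigned ncpus)
{
    return min_u(hw_max, ncpus);
}

/* Request sized as one vector per CPU plus the reserved interrupts. */
unsigned vectors_fixed(unsigned hw_max, unsigned ncpus, unsigned reserved)
{
    return min_u(hw_max, ncpus + reserved);
}

/* Derive the queue-pair count and allocate the map only when it is non-zero. */
int model_init(struct model_hba *ha, unsigned vectors, unsigned reserved)
{
    ha->max_qpairs = vectors > reserved ? vectors - reserved : 0;
    ha->queue_pair_map = ha->max_qpairs
        ? calloc(ha->max_qpairs, sizeof(*ha->queue_pair_map)) : NULL;
    return (ha->max_qpairs && !ha->queue_pair_map) ? -1 : 0;
}

/* Guarded lookup: NULL for a missing map or an out-of-range hardware queue. */
int *model_lookup(const struct model_hba *ha, unsigned hwq)
{
    if (!ha->queue_pair_map || hwq >= ha->max_qpairs)
        return NULL;
    return &ha->queue_pair_map[hwq];
}

int main(void)
{
    struct model_hba a, b; /* constructed case: 2 CPUs, 32 hardware vectors */
    model_init(&a, vectors_capped(32, 2), RESERVED_INITIATOR);
    model_init(&b, vectors_fixed(32, 2, RESERVED_INITIATOR), RESERVED_INITIATOR);
    printf("capped: %u qpairs, fixed: %u qpairs\n", a.max_qpairs, b.max_qpairs);
    free(a.queue_pair_map); free(b.queue_pair_map);
    return 0;
}
```

In the capped case on two CPUs the model ends up with no queue pairs and no map, which is the state the unguarded `queue_pair_map[hwq]` access in the snippet above cannot survive.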

1. Linux kernel commit a6dcfe08487e
2. Linux kernel mailing list discussion
3. CVE-2021-46964 - NIST National Vulnerability Database (NVD)

Overall, it is crucial for Linux kernel users to stay updated with the latest patches and ensure that their systems are not exposed to potential security vulnerabilities like this one. Make sure to regularly check for updates and apply them as necessary to maintain a secure and stable environment.

Timeline

Published on: 02/27/2024 19:04:07 UTC
Last modified on: 02/28/2024 14:06:45 UTC