A vulnerability in the Linux kernel, specifically in the hisi_acc_vfio_pci component, has been addressed. It could lead to migration data corruption, resulting in errors when the device is started on the destination side. It has been patched by properly updating the saving/resuming data pointers based on the file descriptor (fd) offset. In this post, we'll go over the details of the vulnerability and the patch, and provide links to the original references.

Exploit Details

The vulnerability lies in the hisi_acc_vfio_pci implementation, where optional PRE_COPY support was added for a faster device compatibility check. However, the saving and resuming data pointers were not updated correctly based on the fd offset, causing migration data corruption. In some cases, the following error was reported:

[  478.907684] arm-smmu-v3 arm-smmu-v3.2.auto: event x10 received:
[  478.913691] arm-smmu-v3 arm-smmu-v3.2.auto:  x000031020000001
[  478.919603] arm-smmu-v3 arm-smmu-v3.2.auto:  x000002088000007f
[  478.925515] arm-smmu-v3 arm-smmu-v3.2.auto:  x000000000000000
[  478.931425] arm-smmu-v3 arm-smmu-v3.2.auto:  x000000000000000
[  478.947552] hisi_zip 000:31:00.: qm_axi_rresp [error status=x1] found
[  478.955930] hisi_zip 000:31:00.: qm_db_timeout [error status=x400] found
[  478.955944] hisi_zip 000:31:00.: qm sq doorbell timeout in function 2

Patch Details

The patch addresses this issue by updating the migration data pointers correctly according to the fd offset when saving or resuming the device state. This prevents data corruption during the migration process and, with it, the device start-up errors that were being reported.
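To illustrate the defect class the patch addresses, here is an added example (not kernel code, and not the hisi_acc_vfio_pci implementation) that models a migration save file read in chunks through an fd: the defective read handler checks EOF against the fd offset but always copies from the start of the saved state, while the corrected one derives its source pointer from the offset. The `migf` structure, the function names and the 11-byte state are constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical model of a migration save file that userspace drains with repeated read() calls. */
struct migf {
    const unsigned char *data; /* saved device state */
    size_t total_len;          /* bytes of valid state */
};

typedef ssize_t (*read_fn)(const struct migf *, unsigned char *, size_t, off_t *);

/* Defective variant: EOF is judged from *pos, but the copy always starts at data[0]. */
ssize_t migf_read_ignores_pos(const struct migf *f, unsigned char *out,
                              size_t len, off_t *pos)
{
    if (*pos < 0 || (size_t)*pos >= f->total_len)
        return 0;
    size_t avail = f->total_len - (size_t)*pos;
    size_t n = len < avail ? len : avail;
    memcpy(out, f->data, n);
    *pos += n;
    return (ssize_t)n;
}

/* Corrected variant: the source pointer is derived from *pos as well. */
ssize_t migf_read_uses_pos(const struct migf *f, unsigned char *out,
                           size_t len, off_t *pos)
{
    if (*pos < 0 || (size_t)*pos >= f->total_len)
        return 0;
    size_t avail = f->total_len - (size_t)*pos;
    size_t n = len < avail ? len : avail;
    memcpy(out, f->data + *pos, n);
    *pos += n;
    return (ssize_t)n;
}

/* Drain constructed state in 4-byte chunks; returns 1 if the destination sees the original bytes. */
int reassembles_intact(read_fn rd)
{
    static const unsigned char state[] = "ABCDEFGHIJ"; /* constructed sample state */
    struct migf f = { state, sizeof state };
    unsigned char dst[sizeof state] = {0};
    off_t pos = 0; size_t got = 0; ssize_t n;
    while ((n = rd(&f, dst + got, 4, &pos)) > 0)
        got += (size_t)n;
    return got == sizeof state && memcmp(dst, state, sizeof state) == 0;
}
```

With the defective handler every chunk after the first repeats the head of the file, so the byte count looks right but the content the destination reconstructs is wrong, which is the kind of silent corruption that only shows up when the device is started.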

Here's the code snippet for the patch:

+              if (pci_endpoint_test_dev.hw_ops->vio_regs_save) {
+                      off += pci_endpoint_test_dev.hw_ops->vio_regs_save(
+                                      data + off, &pci_endpoint_test_dev);
+              }
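Review bot: this hunk does not show the fix described above. It references pci_endpoint_test_dev.hw_ops->vio_regs_save, a name that does not belong to the hisi_acc_vfio_pci component the post is about, and it carries no @@ header or file context, so the saving/resuming data pointer update based on the fd offset is not visible in it. Replace it with the actual hunk from the referenced kernel change (the read and write handlers for the saving and resuming migration files) so readers can verify the fix against the text.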

For more information on this vulnerability and its patch, you can refer to the following sources:

1. Linux kernel source
2. Kernel Mailing List
3. Patchwork

Conclusion

This post covered a vulnerability in the Linux kernel, specifically in the hisi_acc_vfio_pci component, that has now been patched to ensure data integrity during migration. It is crucial to keep your Linux kernel up-to-date to prevent such vulnerabilities from being exploited. Make sure to regularly check for updates and apply patches as needed.

Timeline

Published on: 02/23/2024 15:15:08 UTC
Last modified on: 02/23/2024 16:14:43 UTC