In the Linux kernel, a security vulnerability has been identified and resolved in the serial/pmac_zilog driver. A flawed mitigation for the rx irq flood caused system crashes and stopped the serial port from receiving. This article provides an overview of the vulnerability, an outline of the code change, links to the original references, and details about the exploit.
Exploit Details and Background
The serial/pmac_zilog driver used a flawed mitigation for the rx irq flood. The mitigation was originally intended to stop the irq completely. That may be better than a hard lock-up, but it turns out that you get a crash anyway if you're using pmac_zilog as a serial console. Here is the reported error message:
ttyPZ: pmz: rx irq flood !
BUG: spinlock recursion on CPU#, swapper/
The error is caused by the pr_err() call in pmz_receive_chars() which results in pmz_console_write() trying to lock a spinlock already locked in pmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal BUG splat. The spinlock in question is the one in struct uart_port.
Even when the splat is not fatal, the serial port's rx function ceases to work. Moreover, the iteration limit does not work well with QEMU, as the bug report linked below shows.
A search for other reports of the "pmz: rx irq flood" message found none. The flawed mitigation code is therefore judged unnecessary and is removed.
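To make the spinlock recursion described above concrete, here is an added user-space C model of the failure mode. It is not kernel code and not taken from the pmac_zilog driver; the type port_model_t, the functions dbg_spin_lock(), console_write(), receive_chars() and run_interrupt(), and the iteration limit of 1000 are all assumptions chosen for illustration.

```c
#include <stdbool.h>
/* Simplified stand-in for a CONFIG_DEBUG_SPINLOCK=y spinlock: it records the
 * owning CPU so a nested lock attempt is reported instead of deadlocking. */
typedef struct {
    int lock_owner;      /* models the lock in struct uart_port; -1 == free */
    int cpu;             /* CPU running the current context */
    int recursion_bugs;  /* "BUG: spinlock recursion" events detected */
} port_model_t;
static void dbg_spin_lock(port_model_t *p)
{
    if (p->lock_owner == p->cpu) {  /* already held by this CPU */
        p->recursion_bugs++;        /* the real kernel would BUG() here */
        return;
    }
    p->lock_owner = p->cpu;
}
static void dbg_spin_unlock(port_model_t *p) { p->lock_owner = -1; }
/* Console output path: like pmz_console_write(), it takes the port lock. */
static void console_write(port_model_t *p, const char *msg)
{
    (void)msg;                      /* ... would push msg to the UART ... */
    dbg_spin_lock(p);
    dbg_spin_unlock(p);
}
/* Receive path. With the flawed mitigation, hitting the (assumed) iteration
 * limit logs an error while the caller still holds the port lock; on a serial
 * console that log line is routed straight back into console_write(). */
static void receive_chars(port_model_t *p, int pending, bool flawed_mitigation)
{
    int loops = 0;
    while (pending-- > 0) {
        /* ... read one character from the chip ... */
        if (flawed_mitigation && loops++ > 1000) {
            console_write(p, "pmz: rx irq flood !\n");  /* pr_err() -> console */
            return;
        }
    }
}

/* Interrupt handler: lock the port, drain rx, unlock. Returns the number of
 * recursive lock attempts detected while servicing the interrupt. */
int run_interrupt(int pending_chars, bool flawed_mitigation)
{
    port_model_t p = { .lock_owner = -1, .cpu = 0, .recursion_bugs = 0 };
    dbg_spin_lock(&p);
    receive_chars(&p, pending_chars, flawed_mitigation);
    dbg_spin_unlock(&p);
    return p.recursion_bugs;
}
```

A flood of more than 1000 pending characters triggers exactly one recursive lock attempt with the flawed mitigation in place and none once it is removed, which is the condition the removed code created.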
Resolution and Code Snippet
With the flawed mitigation removed from serial/pmac_zilog, the Linux kernel no longer crashes in this situation and the serial port keeps receiving.
Here is a schematic outline of the resolution (not the literal patch):
// pmz_receive_chars(): the flawed rx irq flood mitigation is removed
void pmz_receive_chars(struct uart_port *port)
{
    ...
    while (...)                 // drain the receive FIFO
    {
        ...
        // Removed: the iteration-limit check that stopped the irq and
        // called pr_err("pmz: rx irq flood !") while the port lock was held
    }
}
Removing the mitigation eliminates the recursive acquisition of the struct uart_port spinlock, so the crash no longer occurs and system stability is improved.
For a comprehensive understanding of the issue and its resolution, refer to the following sources:
1. Linux kernel Git commit - The commit that resolves the vulnerability, providing the patch for this CVE.
2. Bug report - The original bug report discussing the issue with QEMU, and the identification of the mitigation as problematic.
Conclusion
CVE-2024-26999 addresses a critical security vulnerability in the Linux kernel's serial/pmac_zilog driver. By removing the flawed mitigation for the rx irq flood, system stability is greatly improved and the crashes caused by spinlock recursion are avoided. Keep your Linux kernel up to date to ensure that you are protected from this vulnerability.
Timeline
Published on: 05/01/2024 06:15:17 UTC
Last modified on: 12/19/2024 08:52:13 UTC