CVE-2024-56760 - Linux Kernel PCI/MSI ‘irqdomain’ Handling Vulnerability Explained

The Linux Kernel is constantly evolving and, like any large codebase, sometimes security and functionality bugs are introduced as new architectures and features are supported. One such vulnerability, tracked as CVE-2024-56760, affected the handling of PCI Message Signaled Interrupts (MSI) in relation to interrupt domains (irqdomain). This bug could result in misleading warnings or system errors, especially on hardware platforms like RISC-V and LoongArch, which have specific requirements for how interrupts should be managed.

Let’s break down what happened, what the implications are, and how things were fixed—using simple terms so anyone can follow along.


## What Is PCI/MSI and irqdomain?

- PCI/MSI allows PCI devices to signal interrupts using messages instead of dedicated wires (INTx).
- The irqdomain framework in Linux helps map device interrupts to the right CPU interrupt handler, which is especially important for complex architectures.

Different CPU architectures like RISC-V and LoongArch may handle these differently from x86 and ARM, often not implementing legacy (old-style) PCI interrupt support.

What Was the Problem?

The buggy code could emit warnings like this on systems that didn’t support legacy PCI/MSI, such as RISC-V:

WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+x2c/x32
__pci_enable_msix_range+x30c/x596
pci_msi_setup_msi_irqs+x2c/x32
pci_alloc_irq_vectors_affinity+xb8/xe2

The kernel made legacy assumptions about how devices support interrupts.

- When running on an architecture that doesn’t provide legacy PCI/MSI support (like RISC-V), the kernel tried to call a "fallback" that either wasn’t there or wasn’t implemented properly.
- For MSI-X (an extension of MSI), the kernel would fall back in a way that could yield bogus warnings or errors, instead of returning a proper "not supported" signal (-ENOTSUPP).

On LoongArch, developers simply turned on "legacy support" without really implementing the needed code, masking the problem for a while because weak (default/fake) functions returned errors anyway.

The fix involved making sure the kernel code

- Properly checks whether the PCI/MSI parent domain is valid before trying to set up interrupts.
- Returns a proper error (-ENOTSUPP) instead of causing warnings or falling back to non-existent code.

Here’s a simplified code snippet showing the main logic change

// Before: Ignored whether legacy fallback was implemented or not
if (!dev->msi_domain && is_msix) {
    WARN_ON(1);  // Warned misleadingly
    return -EINVAL;
}

// After: Check if legacy fallback is actually supported
if (!pci_msi_domain_supports(dev) && is_msix) {
    return -ENOTSUPP;  // Correct error: "Function not supported"
}

The actual change involved correcting the pci_msi_domain_supports() function so that it *knows* if legacy mode is implemented, and stops MSI enable if it isn’t supported on that platform.

What Does This Mean in Practice?

- No more misleading warnings when enabling PCI/MSI on unsupported architectures.
- Platforms like RISC-V and LoongArch behave correctly and predictably if legacy PCI/MSI support isn’t present.
- Kernel developers and users won’t be confused by errors that don’t match the actual failure mode.

Exploit & Impact?

Is this a security vulnerability?
While there’s no direct remote code execution or privilege escalation involved, such logic bugs can have security implications:

- Denial of Service: Critical system devices might fail to allocate interrupts, leading to device malfunctions or system instability—especially during early boot on servers or embedded hardware.
- Hard-to-diagnose failures: Misleading warnings complicate debugging for users and kernel developers, possibly hiding deeper config or security issues.

If an attacker could force the system to trigger this path with a specially crafted PCI device or device tree, they might be able to render the device or system unstable.
But for most users, this bug’s main risk is subtle system instability or unreliable device operation on new CPU architectures.

References

- Official Patch Commit
- MSI Documentation
- LKML Discussion
- RISC-V Linux Platform

Conclusion

CVE-2024-56760 is a subtle but important fix for how the Linux kernel handles PCI/MSI interrupts on modern architectures. By cleaning up assumptions in the kernel code, it ensures that hardware support is detected and handled correctly—making Linux more stable across old and new platforms.

If you maintain Linux on RISC-V, LoongArch, or other emerging platforms, make sure your kernel has this patch (or is based on a version after June 2024).
Always keep kernel up to date to benefit from these and other security and reliability improvements.

Timeline

Published on: 01/06/2025 17:15:41 UTC
Last modified on: 01/07/2025 23:06:22 UTC