CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial:
rp2: use ‘request_firmware’ instead of ‘request_firmware_nowait’ In
‘rp2_probe’, the driver registers ‘rp2_uart_interrupt’ then calls
‘rp2_fw_cb’ through ‘request_firmware_nowait’. In ‘rp2_fw_cb’, if the
firmware don’t exists, function just return without initializing ports of
‘rp2_card’. But now the interrupt handler function has been registered, and
when an interrupt comes, ‘rp2_uart_interrupt’ may access those ports then
causing NULL pointer dereference or other bugs. Because the driver does
some initialization work in ‘rp2_fw_cb’, in order to make the driver ready
to handle interrupts, ‘request_firmware’ should be used instead of
asynchronous ‘request_firmware_nowait’. This report reveals it: INFO:
trying to register non-static key. the code is fine but needs lockdep
annotation. turning off the locking correctness validator. CPU: 2 PID: 0
Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name:
QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-
gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> __dump_stack
lib/dump_stack.c:77 [inline] dump_stack+0xec/0x156 lib/dump_stack.c:118
assign_lock_key kernel/locking/lockdep.c:727 [inline]
register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753
__lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303
lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907 __raw_spin_lock
include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x32/0x50
kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329
[inline] rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]
rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493
rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504
__handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149
handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189
handle_irq_event+0xac/0x140 kernel/irq/handle.c:206
handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725
generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0
arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf
arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30
arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7
00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d
8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41
57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX:
ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX:
ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI:
ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09:
fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12:
0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15:
0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0x6f/0x360 arch/x86/kernel/process.c:557
arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548
default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call
kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0
kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369
start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 BUG: unable to
handle kernel NULL pointer dereference at 0000000000000010 PGD
8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0 Oops: 0000 [#1]
PREEMPT SMP KASAN PTI CPU: 2 PID: 0 Comm: swapper/2 Not tainted
4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 +
ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP:
0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP:
0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Co
—truncated—