In the Linux kernel, the following vulnerability has been resolved: PCI:
aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO
transfer by writing value 0 in PIO_START register when previous transfer
has not yet completed (which is indicated by value 1 in PIO_START) causes
an External Abort on CPU, which results in kernel panic: SError Interrupt
on CPU0, code 0xbf000002 – SError Kernel panic - not syncing: Asynchronous
SError Interrupt To prevent kernel panic, it is required to reject a new
PIO transfer when previous one has not finished yet. If previous PIO
transfer is not finished yet, the kernel may issue a new PIO request only
if the previous PIO transfer timed out. In the past the root cause of this
issue was incorrectly identified (as it often happens during link
retraining or after link down event) and special hack was implemented in
Trusted Firmware to catch all SError events in EL3, to ignore errors with
code 0xbf000002 and not forwarding any other errors to kernel and instead
throw panic from EL3 Trusted Firmware handler. Links to discussion and
patches about this issue:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=3c7dcdac5c50
https://lore.kernel.org/linux-pci/[email protected]/
https://lore.kernel.org/linux-pci/[email protected]/
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/1541 But the
real cause was the fact that during link retraining or after link down
event the PIO transfer may take longer time, up to the 1.44s until it times
out. This increased probability that a new PIO transfer would be issued by
kernel while previous one has not finished yet. After applying this change
into the kernel, it is possible to revert the mentioned TF-A hack and
SError events do not have to be caught in TF-A EL3.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/f18139966d072dab8e4398c95ce955a9742e04f7 (5.13-rc7)
git.kernel.org/stable/c/1a1dbc4473974867fe8c5f195c17b341c8e82867
git.kernel.org/stable/c/3d213a4ddf49a860be6e795482c17f87e0c82b2a
git.kernel.org/stable/c/400e6b1860c8be61388d0b77814c53260f96e17a
git.kernel.org/stable/c/4c90f90a91d75c3c73dd633827c90e8746d9f54d
git.kernel.org/stable/c/b00a9aaa4be20ad6e3311fb78a485eae0899e89a
git.kernel.org/stable/c/f18139966d072dab8e4398c95ce955a9742e04f7
launchpad.net/bugs/cve/CVE-2021-47229
nvd.nist.gov/vuln/detail/CVE-2021-47229
security-tracker.debian.org/tracker/CVE-2021-47229
www.cve.org/CVERecord?id=CVE-2021-47229