CVE-2021-47229

In the Linux kernel, the following vulnerability has been resolved: PCI:
aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO
transfer by writing value 0 in PIO_START register when previous transfer
has not yet completed (which is indicated by value 1 in PIO_START) causes
an External Abort on CPU, which results in kernel panic: SError Interrupt
on CPU0, code 0xbf000002 – SError Kernel panic - not syncing: Asynchronous
SError Interrupt To prevent kernel panic, it is required to reject a new
PIO transfer when previous one has not finished yet. If previous PIO
transfer is not finished yet, the kernel may issue a new PIO request only
if the previous PIO transfer timed out. In the past the root cause of this
issue was incorrectly identified (as it often happens during link
retraining or after link down event) and special hack was implemented in
Trusted Firmware to catch all SError events in EL3, to ignore errors with
code 0xbf000002 and not forwarding any other errors to kernel and instead
throw panic from EL3 Trusted Firmware handler. Links to discussion and
patches about this issue:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=3c7dcdac5c50
https://lore.kernel.org/linux-pci/[email protected]/
https://lore.kernel.org/linux-pci/[email protected]/
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/1541 But the
real cause was the fact that during link retraining or after link down
event the PIO transfer may take longer time, up to the 1.44s until it times
out. This increased probability that a new PIO transfer would be issued by
kernel while previous one has not finished yet. After applying this change
into the kernel, it is possible to revert the mentioned TF-A hack and
SError events do not have to be caught in TF-A EL3.