CVE-2021-46970
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue
A recent change created a dedicated workqueue for the state-change work with WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags, but the state-change work (mhi_pm_st_worker) does not guarantee forward progress under memory pressure, and will even wait on various memory allocations when e.g. creating devices, loading firmware, etc… The work is then not part of a memory reclaim path…
Moreover, this causes a warning in check_flush_dependency() since we end up in code that flushes a non-reclaim workqueue:
[ 40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog [ 40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140 [ 40.969733] Call Trace: [ 40.969740] __flush_work+0x97/0x1d0 [ 40.969745] ? wake_up_process+0x15/0x20 [ 40.969749] ? insert_work+0x70/0x80 [ 40.969750] ? __queue_work+0x14a/0x3e0 [ 40.969753] flush_work+0x10/0x20 [ 40.969756] rollback_registered_many+0x1c9/0x510 [ 40.969759] unregister_netdevice_queue+0x94/0x120 [ 40.969761] unregister_netdev+0x1d/0x30 [ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net] [ 40.969770] mhi_driver_remove+0x124/0x250 [mhi] [ 40.969776] device_release_driver_internal+0xf0/0x1d0 [ 40.969778] device_release_driver+0x12/0x20 [ 40.969782] bus_remove_device+0xe1/0x150 [ 40.969786] device_del+0x17b/0x3e0 [ 40.969791] mhi_destroy_device+0x9a/0x100 [mhi] [ 40.969796] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi] [ 40.969799] device_for_each_child+0x5e/0xa0 [ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8f70397876872789b2a5deba804eb6216fb5deb7 < abd1510c08a13c88d24b622a83c82e87ff1d3135 | affected |
| Linux | Linux | 8f70397876872789b2a5deba804eb6216fb5deb7 < ed541cff35cbdb695f0c98ef506dd7218883fc07 | affected |
| Linux | Linux | 8f70397876872789b2a5deba804eb6216fb5deb7 < 0fccbf0a3b690b162f53b13ed8bc442ea33437dc | affected |
| Linux | Linux | 5.11 | affected |
| Linux | Linux | 0 < 5.11 | unaffected |
| Linux | Linux | 5.11.20 <= 5.11.* | unaffected |
| Linux | Linux | 5.12.3 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135
- https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07
- https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc
References
- https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135
- https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07
- https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.