CVE-2021-46990

Summary

In the Linux kernel, the following vulnerability has been resolved:

powerpc/64s: Fix crashes when toggling entry flush barrier

The entry flush mitigation can be enabled/disabled at runtime via a debugfs file (entry_flush), which causes the kernel to patch itself to enable/disable the relevant mitigations.

However depending on which mitigation we're using, it may not be safe to do that patching while other CPUs are active. For example the following crash:

sleeper[15639]: segfault (11) at c000000000004c20 nip c000000000004c20 lr c000000000004c20

Shows that we returned to userspace with a corrupted LR that points into the kernel, due to executing the partially patched call to the fallback entry flush (ie. we missed the LR restore).

Fix it by doing the patching under stop machine. The CPUs that aren't doing the patching will be spinning in the core of the stop machine logic. That is currently sufficient for our purposes, because none of the patching we do is to that code or anywhere in the vicinity.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4a1e90af718d1489ffcecc8f52486c4f5dc0f7a6 < 8382b15864e5014261b4f36c2aa89723612ee058affected
LinuxLinuxfa4bf9f38184ed7ca4916eb64f8c767d1e279c1f < 0c25a7bb697f2e6ee65b6d63782f675bf129511aaffected
LinuxLinuxdb01cad9efe3c3838a6b3a3f68affd295c4b92d6 < ee4b7aab93c2631c3bb0753023c5dda592bb666baffected
LinuxLinuxf69bb4e51f41973fb7594be1479fa689831efe1a < 2db22ba4e0e103f00e0512e0ecce36ac78c644f8affected
LinuxLinuxb65458b6be8032c5179d4f562038575d7b3a6be3 < 0b4eb172cc12dc102cd0ad013e53ee4463db9508affected
LinuxLinuxf79643787e0a0762d2409b7b8334e83f22d85695 < d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92affected
LinuxLinuxf79643787e0a0762d2409b7b8334e83f22d85695 < dd0d6117052faace5440db20fc37175efe921c7daffected
LinuxLinuxf79643787e0a0762d2409b7b8334e83f22d85695 < 5bc00fdda1e934c557351a9c751a205293e68cbfaffected
LinuxLinuxf79643787e0a0762d2409b7b8334e83f22d85695 < aec86b052df6541cc97c5fca44e5934cbea4963baffected
LinuxLinuxe590b36718d6e740b7b19514f710402a6499164caffected
LinuxLinux4.4.245 < 4.4.269affected
LinuxLinux4.9.245 < 4.9.269affected
LinuxLinux4.14.208 < 4.14.233affected
LinuxLinux4.19.159 < 4.19.191affected
LinuxLinux5.4.79 < 5.4.120affected
LinuxLinux5.9.10 < 5.10affected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux4.4.269 <= 4.4.*unaffected
LinuxLinux4.9.269 <= 4.9.*unaffected
LinuxLinux4.14.233 <= 4.14.*unaffected
LinuxLinux4.19.191 <= 4.19.*unaffected
LinuxLinux5.4.120 <= 5.4.*unaffected
LinuxLinux5.10.38 <= 5.10.*unaffected
LinuxLinux5.11.22 <= 5.11.*unaffected
LinuxLinux5.12.5 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References