CVE-2022-49132
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath11k: pci: fix crash on suspend if board file is not found
Mario reported that the kernel was crashing on suspend if ath11k was not able to find a board file:
[ 473.693286] PM: Suspending system (s2idle) [ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug) [ 474.407787] BUG: unable to handle page fault for address: 0000000000002070 [ 474.407791] #PF: supervisor read access in kernel mode [ 474.407794] #PF: error_code(0x0000) - not-present page [ 474.407798] PGD 0 P4D 0 [ 474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G W 5.16.0 #248 […] [ 474.407868] Call Trace: [ 474.407870] <TASK> [ 474.407874] ? _raw_spin_lock_irqsave+0x2a/0x60 [ 474.407882] ? lock_timer_base+0x72/0xa0 [ 474.407889] ? _raw_spin_unlock_irqrestore+0x29/0x3d [ 474.407892] ? try_to_del_timer_sync+0x54/0x80 [ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k] [ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k] [ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci] [ 474.407928] pci_pm_suspend+0x7e/0x170 [ 474.407935] ? pci_pm_freeze+0xc0/0xc0 [ 474.407939] dpm_run_callback+0x4e/0x150 [ 474.407947] __device_suspend+0x148/0x4c0 [ 474.407951] async_suspend+0x20/0x90 dmesg-efi-164255130401001: Oops#1 Part1 [ 474.407955] async_run_entry_fn+0x33/0x120 [ 474.407959] process_one_work+0x220/0x3f0 [ 474.407966] worker_thread+0x4a/0x3d0 [ 474.407971] kthread+0x17a/0x1a0 [ 474.407975] ? process_one_work+0x3f0/0x3f0 [ 474.407979] ? set_kthread_struct+0x40/0x40 [ 474.407983] ret_from_fork+0x22/0x30 [ 474.407991] </TASK>
The issue here is that board file loading happens after ath11k_pci_probe() succesfully returns (ath11k initialisation happends asynchronously) and the suspend handler is still enabled, of course failing as ath11k is not properly initialised. Fix this by checking ATH11K_FLAG_QMI_FAIL during both suspend and resume.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < fed4cef115ab21a18faf499b3fa9b9a4b544f941 | affected |
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < f3c5ef433da82d257337424b3647ce9dcb37d4b5 | affected |
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < aeed776c00e804a0f7896db39c7c661cea34ee1f | affected |
| Linux | Linux | d5c65159f2895379e11ca13f62feabe93278985d < b4f4c56459a5c744f7f066b9fc2b54ea995030c5 | affected |
| Linux | Linux | 5.6 | affected |
| Linux | Linux | 0 < 5.6 | unaffected |
| Linux | Linux | 5.15.34 <= 5.15.* | unaffected |
| Linux | Linux | 5.16.20 <= 5.16.* | unaffected |
| Linux | Linux | 5.17.3 <= 5.17.* | unaffected |
| Linux | Linux | 5.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/fed4cef115ab21a18faf499b3fa9b9a4b544f941
- https://git.kernel.org/stable/c/f3c5ef433da82d257337424b3647ce9dcb37d4b5
- https://git.kernel.org/stable/c/aeed776c00e804a0f7896db39c7c661cea34ee1f
- https://git.kernel.org/stable/c/b4f4c56459a5c744f7f066b9fc2b54ea995030c5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.