CVE-2021-47414

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47414
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47414.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47414
Related
Published
2024-05-21T15:15:26Z
Modified
2024-09-11T04:41:10.218707Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

riscv: Flush current cpu icache before other cpus

On SiFive Unmatched, I recently fell onto the following BUG when booting:

[ 0.000000] ftrace: allocating 36610 entries in 144 pages [ 0.000000] Oops - illegal instruction [#1] [ 0.000000] Modules linked in: [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5 [ 0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT) [ 0.000000] epc : riscvcpuidtohartidmask+0x6/0xae [ 0.000000] ra : _sbirfencev02+0xc8/0x10a [ 0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10 [ 0.000000] gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000 [ 0.000000] t1 : 0000000000000004 t2 : 0000000000000000 s0 : ffffffff81803e60 [ 0.000000] s1 : 0000000000000000 a0 : ffffffff81a22238 a1 : ffffffff81803e10 [ 0.000000] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000 [ 0.000000] a5 : 0000000000000000 a6 : ffffffff8000989c a7 : 0000000052464e43 [ 0.000000] s2 : ffffffff81a220c8 s3 : 0000000000000000 s4 : 0000000000000000 [ 0.000000] s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001 [ 0.000000] s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000 [ 0.000000] s11: 0000000000000004 t3 : 0000000000000001 t4 : 0000000000000008 [ 0.000000] t5 : ffffffcf04000808 t6 : ffffffe3ffddf188 [ 0.000000] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000002 [ 0.000000] [<ffffffff80007240>] riscvcpuidtohartidmask+0x6/0xae [ 0.000000] [<ffffffff80009474>] sbiremotefencei+0x1e/0x26 [ 0.000000] [<ffffffff8000b8f4>] flushicacheall+0x12/0x1a [ 0.000000] [<ffffffff8000666c>] patchtextnosync+0x26/0x32 [ 0.000000] [<ffffffff8000884e>] ftraceinitnop+0x52/0x8c [ 0.000000] [<ffffffff800f051e>] ftraceprocesslocs.isra.0+0x29c/0x360 [ 0.000000] [<ffffffff80a0e3c6>] ftraceinit+0x80/0x130 [ 0.000000] [<ffffffff80a00f8c>] startkernel+0x5c4/0x8f6 [ 0.000000] ---[ end trace f67eb9af4d8d492b ]--- [ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task! [ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---

While ftrace is looping over a list of addresses to patch, it always failed when patching the same function: riscvcpuidtohartidmask. Looking at the backtrace, the illegal instruction is encountered in this same function. However, patchtextnosync, after patching the instructions, calls flushicacherange. But looking at what happens in this function:

flushicacherange -> flushicacheall -> sbiremotefencei -> _sbirfencev02 -> riscvcpuidtohartidmask

The icache and dcache of the current cpu are never synchronized between the patching of riscvcpuidtohartidmask and calling this same function.

So fix this by flushing the current cpu's icache before asking for the other cpus to do the same.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}