CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved:

ice: Don't double unplug aux on peer initiated reset

In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the icepreparefor_reset function. This double call is causing a "scheduling while atomic" BUG.

[ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 majerrcode = 0xffff minerrcode = 0x8003

[ 662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][opcode=8] status=-29 waiting=1 completionerr=1 maj=0xffff min=0x8003

[ 662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003

[ 662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424

[ 662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset

[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002

[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002 [ 662.815477] Modules linked in: rpcsecgsskrb5 authrpcgss nfsv4 dnsresolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intelraplmsr intelraplcommon sunrpc i10nmedac rdmaucm nfit ibsrpt libnvdimm ibisert iscsitargetmod x86pkgtempthermal intelpowerclamp coretemp targetcoremod sndhdaintel ibiser sndinteldspcfg libiscsi sndintelsdwacpi scsitransportiscsi kvmintel iTCOwdt rdmacm sndhdacodec kvm iwcm ipmissif iTCOvendorsupport sndhdacore irqbypass crct10difpclmul crc32pclmul ghashclmulniintel sndhwdep sndseq sndseqdevice rapl sndpcm sndtimer isstifmboxpci pcspkr isstifmmio irdma inteluncore idxd acpiipmi joydev isstifcommon snd meime idxdbus ipmisi soundcore i2ci801 mei ipmidevintf i2csmbus i2cismt ipmimsghandler acpipowermeter acpipad rv(OE) ibuverbs ibcm ibcore xfs libcrc32c ast i2calgobit drmvramhelper drmkmshelper syscopyarea sysfillrect sysimgblt fbsysfops drmttmhelpe r ttm [ 662.815546] nvme nvmecore ice drm crc32cintel i40e t10pi wmi pinctrlemmitsburg dmmirror dmregionhash dmlog dmmod fuse [ 662.815557] Preemption disabled at: [ 662.815558] [<0000000000000000>] 0x0 [ 662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S OE 5.17.1 #2 [ 662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021 [ 662.815568] Call Trace: [ 662.815572] <IRQ> [ 662.815574] dumpstacklvl+0x33/0x42 [ 662.815581] _schedulebug.cold.147+0x7d/0x8a [ 662.815588] _schedule+0x798/0x990 [ 662.815595] schedule+0x44/0xc0 [ 662.815597] schedulepreemptdisabled+0x14/0x20 [ 662.815600] _mutexlock.isra.11+0x46c/0x490 [ 662.815603] ? _ibdevprintk+0x76/0xc0 [ibcore] [ 662.815633] devicedel+0x37/0x3d0 [ 662.815639] iceunplugauxdev+0x1a/0x40 [ice] [ 662.815674] iceschedulereset+0x3c/0xd0 [ice] [ 662.815693] irdmaiidceventhandler.cold.7+0xb6/0xd3 [irdma] [ 662.815712] ? bitmapfindnextzeroareaoff+0x45/0xa0 [ 662.815719] icesendeventtoaux+0x54/0x70 [ice] [ 662.815741] icemiscintr+0x21d/0x2d0 [ice] [ 662.815756] _handleirqeventpercpu+0x4c/0x180 [ 662.815762] handleirqeventpercpu+0xf/0x40 [ 662.815764] handleirqevent+0x34/0x60 [ 662.815766] handleedgeirq+0x9a/0x1c0 [ 662.815770] _commoninterrupt+0x62/0x100 [ 662.815774] commoninterrupt+0xb4/0xd0 [ 662.815779] </IRQ> [ 662.815780] <TASK> [ 662.815780] asmcommoninterrupt+0x1e/0x40 [ 662.815785] RIP: 0010:cpuidleenter_state+0xd6/0x380 [ 662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 <0f> 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49 [ 662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202 [ 662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f [ 662.815795] RDX: 0000009a52da2d08 R ---truncated---