In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix race on per-CQ variable napi work_done
After calling napicompletedone(), the NAPIFSTATESCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->workdone. If the other thread (for example, from busypoll) sets it to a value >= budget, this thread will continue to run when it should stop, and cause memory corruption and panic.
To fix this issue, save the per-CQ workdone variable in a local variable before napicompletedone(), so it won't be corrupted by a possible concurrent thread after napicomplete_done().
Also, add a flag bit to advertise to the NIC firmware: the NAPI workdone variable race is fixed, so the driver is able to reliably support features like busypoll.
{ "vanir_signatures": [ { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c", "function": "mana_cq_handler" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21", "digest": { "length": 372.0, "function_hash": "136899098724424899791876312506383476798" }, "id": "CVE-2022-48985-04c78f50", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/gdma.h" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de", "digest": { "threshold": 0.9, "line_hashes": [ "124420761190884600221452322083471636550", "82381981142575725796948707249915266262", "219992438502361075870767325207218146161" ] }, "id": "CVE-2022-48985-3149adfa", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/gdma.h" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3", "digest": { "threshold": 0.9, "line_hashes": [ "124420761190884600221452322083471636550", "82381981142575725796948707249915266262", "219992438502361075870767325207218146161" ] }, "id": "CVE-2022-48985-4b62651b", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c", "function": "mana_cq_handler" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de", "digest": { "length": 372.0, "function_hash": "136899098724424899791876312506383476798" }, "id": "CVE-2022-48985-51a90325", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c", "function": "mana_poll" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3", "digest": { "length": 253.0, "function_hash": "174613920569153053522416134424954405412" }, "id": "CVE-2022-48985-89d3a942", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c", "function": "mana_poll" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de", "digest": { "length": 253.0, "function_hash": "174613920569153053522416134424954405412" }, "id": "CVE-2022-48985-8c22894b", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c", "function": "mana_poll" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21", "digest": { "length": 253.0, "function_hash": "174613920569153053522416134424954405412" }, "id": "CVE-2022-48985-9a0891cb", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de", "digest": { "threshold": 0.9, "line_hashes": [ "302197118965572758998371619708237854810", "143788815029746524922967410159937413014", "11932897504822139803897584937990648316", "269956548214852970978281631019054206229", "166806351250547370367423812050151395987", "181127370610406213742438160516182256398", "274624853884447751099226608805012238640", "8979084535539287512205912150916922737", "52148230577977308988728677131054772624", "186960268767012163247985591360843494049", "224262899362873016132318389461370325036", "234241843292356992212369564470478478618", "61553916027862915117757402002941533138", "94301086314478762984688685651928300488", "319894775135807039030338458730234915168", "46307534120957835813916558321524069106", "215200352054815277519895508826171972469", "172750543769587168485022384187066590134", "295331183400153199809114208664457529442", "310916613612723337435363800530218579771", "27307284632261815325672868128651376900", "297977159262310314529617362501636728298", "813448013172333191198769318805161095", "198169229742296309407502530851364735819", "81447268702092960511160345344484386420" ] }, "id": "CVE-2022-48985-aebe66e2", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3", "digest": { "threshold": 0.9, "line_hashes": [ "110090612918123703587007931222860302279", "24070589520872397749469025705916603412", "11932897504822139803897584937990648316", "269956548214852970978281631019054206229", "166806351250547370367423812050151395987", "181127370610406213742438160516182256398", "274624853884447751099226608805012238640", "8979084535539287512205912150916922737", "52148230577977308988728677131054772624", "186960268767012163247985591360843494049", "224262899362873016132318389461370325036", "234241843292356992212369564470478478618", "61553916027862915117757402002941533138", "94301086314478762984688685651928300488", "319894775135807039030338458730234915168", "46307534120957835813916558321524069106", "215200352054815277519895508826171972469", "172750543769587168485022384187066590134", "295331183400153199809114208664457529442", "310916613612723337435363800530218579771", "27307284632261815325672868128651376900", "297977159262310314529617362501636728298", "813448013172333191198769318805161095", "198169229742296309407502530851364735819", "81447268702092960511160345344484386420" ] }, "id": "CVE-2022-48985-d8a453e3", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/gdma.h" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21", "digest": { "threshold": 0.9, "line_hashes": [ "124420761190884600221452322083471636550", "82381981142575725796948707249915266262", "219992438502361075870767325207218146161" ] }, "id": "CVE-2022-48985-e2788492", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c", "function": "mana_cq_handler" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3", "digest": { "length": 372.0, "function_hash": "136899098724424899791876312506383476798" }, "id": "CVE-2022-48985-e93c9fdf", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/net/ethernet/microsoft/mana/mana_en.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21", "digest": { "threshold": 0.9, "line_hashes": [ "110090612918123703587007931222860302279", "24070589520872397749469025705916603412", "11932897504822139803897584937990648316", "269956548214852970978281631019054206229", "166806351250547370367423812050151395987", "181127370610406213742438160516182256398", "274624853884447751099226608805012238640", "8979084535539287512205912150916922737", "52148230577977308988728677131054772624", "186960268767012163247985591360843494049", "224262899362873016132318389461370325036", "234241843292356992212369564470478478618", "61553916027862915117757402002941533138", "94301086314478762984688685651928300488", "319894775135807039030338458730234915168", "46307534120957835813916558321524069106", "215200352054815277519895508826171972469", "172750543769587168485022384187066590134", "295331183400153199809114208664457529442", "310916613612723337435363800530218579771", "27307284632261815325672868128651376900", "297977159262310314529617362501636728298", "813448013172333191198769318805161095", "198169229742296309407502530851364735819", "81447268702092960511160345344484386420" ] }, "id": "CVE-2022-48985-f8178bb6", "deprecated": false, "signature_type": "Line", "signature_version": "v1" } ] }