CVE-2024-42110

Source
https://cve.org/CVERecord?id=CVE-2024-42110
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42110.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42110
Downstream
Related
Published
2024-07-30T07:46:04.892Z
Modified
2026-03-13T07:56:13.361702Z
Summary
net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()

The following is emitted when using idxd (DSA) dmaengine as the data mover for ntb_transport that ntb_netdev uses.

[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526
[74412.556784] caller is netif_rx_internal+0x42/0x130
[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5
[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024
[74412.581699] Call Trace:
[74412.584514]  <TASK>
[74412.586933]  dump_stack_lvl+0x55/0x70
[74412.591129]  check_preemption_disabled+0xc8/0xf0
[74412.596374]  netif_rx_internal+0x42/0x130
[74412.600957]  __netif_rx+0x20/0xd0
[74412.604743]  ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]
[74412.610985]  ntb_complete_rxc+0xed/0x140 [ntb_transport]
[74412.617010]  ntb_rx_copy_callback+0x53/0x80 [ntb_transport]
[74412.623332]  idxd_dma_complete_txd+0xe3/0x160 [idxd]
[74412.628963]  idxd_wq_thread+0x1a6/0x2b0 [idxd]
[74412.634046]  irq_thread_fn+0x21/0x60
[74412.638134]  ? irq_thread+0xa8/0x290
[74412.642218]  irq_thread+0x1a0/0x290
[74412.646212]  ? __pfx_irq_thread_fn+0x10/0x10
[74412.651071]  ? __pfx_irq_thread_dtor+0x10/0x10
[74412.656117]  ? __pfx_irq_thread+0x10/0x10
[74412.660686]  kthread+0x100/0x130
[74412.664384]  ? __pfx_kthread+0x10/0x10
[74412.668639]  ret_from_fork+0x31/0x50
[74412.672716]  ? __pfx_kthread+0x10/0x10
[74412.676978]  ret_from_fork_asm+0x1a/0x30
[74412.681457]  </TASK>

The cause is that the idxd driver's interrupt completion handler uses a threaded interrupt, and the threaded handler is not hard or soft interrupt context. However, __netif_rx() can only be called from interrupt context. Change the call to netif_rx() in order to allow completion via normal context for dmaengine drivers that utilize threaded irq handling.

While the following commit changed from netif_rx() to __netif_rx(), baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."), the change should've been a noop instead. However, the code preceding this fix should've been using netif_rx_ni() or netif_rx_any_context().
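
For triage, the splat above can be recognised in collected kernel logs by its shape: the preemptible-context BUG line, then a call trace in which __netif_rx() is reached from ntb_netdev_rx_handler() underneath irq_thread(). The following is an added example, not part of the CVE record or the kernel commit; the function names `parse_splats` and `is_ntb_netdev_signature` are hypothetical, and the sample log is constructed by abridging the trace quoted above.

```python
import re

# Constructed sample: abridged from the splat quoted above.
SAMPLE_DMESG = """\
[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526
[74412.556784] caller is netif_rx_internal+0x42/0x130
[74412.581699] Call Trace:
[74412.584514]  <TASK>
[74412.600957]  __netif_rx+0x20/0xd0
[74412.604743]  ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]
[74412.638134]  ? irq_thread+0xa8/0x290
[74412.642218]  irq_thread+0x1a0/0x290
[74412.681457]  </TASK>
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG = re.compile(r"BUG: using smp_processor_id\(\) in preemptible \[\w+\] code: (\S+)")
FRAME = re.compile(r"^\s*(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

def parse_splats(text):
    """Return one dict per splat: task, caller, and reliable (non-'?') frames."""
    splats, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        bug = BUG.search(line)
        if bug:
            cur, in_trace = {"task": bug.group(1), "caller": None, "frames": []}, False
            splats.append(cur)
        elif cur is None:
            continue
        elif line.startswith("caller is "):
            cur["caller"] = line[len("caller is "):].split("+")[0]
        elif line.strip() == "<TASK>":
            in_trace = True
        elif line.strip() == "</TASK>":
            cur, in_trace = None, False
        elif in_trace:
            f = FRAME.match(line)
            if f and not f.group(1):  # '?' marks an unreliable stack entry
                cur["frames"].append((f.group(2), f.group(3)))
    return splats

def is_ntb_netdev_signature(splat):
    """True if __netif_rx() was reached from ntb_netdev_rx_handler() under irq_thread()."""
    names = [name for name, _module in splat["frames"]]
    needed = ["__netif_rx", "ntb_netdev_rx_handler", "irq_thread"]
    # Frames are listed innermost first, so the names must appear in this order.
    pos = [names.index(n) for n in needed if n in names]
    return len(pos) == len(needed) and pos == sorted(pos)
```

A match on a host indicates a kernel that still calls __netif_rx() from the ntb_netdev receive handler, i.e. one that lacks the fix commits listed under Affected ranges.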

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42110.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
548c237c0a9972df5d1afaca38aa733ee577128d
Fixed
4b3b6c7efee69f077b86ef7f088fb96768e46e1f
Fixed
e3af5b14e7632bf12058533d69055393e2d126c9
Fixed
858ae09f03677a4ab907a15516893bc2cc79d4c3
Fixed
e15a5d821e5192a3769d846079bc9aa380139baf

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42110.json"