CVE-2024-42071 Information
Description
In the Linux kernel, the following vulnerability has been resolved:
ionic: use dev_consume_skb_any outside of napi
If we’re not in a NAPI softirq context, we need to be careful about how we call napi_consume_skb(); specifically, we need to call it with budget==0 to signal to it that we’re not in a safe context.
This was found while running some configuration stress testing of traffic and a change queue config loop running and this curious note popped out:
[ 4371.402645] BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/20545
[ 4371.402897] caller is napi_skb_cache_put+0x16/0x80
[ 4371.403120] CPU: 25 PID: 20545 Comm: ethtool Kdump: loaded Tainted: G OE 6.10.0-rc3-netnext+ 8
[ 4371.403302] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10 BIOS U32 01/23/2021
[ 4371.403460] Call Trace:
[ 4371.403613]
I found that ionic_tx_clean() calls napi_consume_skb(), which calls napi_skb_cache_put(), but before that last call is the note /* Zero budget indicate non-NAPI context called us like netpoll */ and DEBUG_NET_WARN_ON_ONCE(!in_softirq());
Those are pretty big hints that we’re doing it wrong. We can pass a context hint down through the calls to let ionic_tx_clean() know what we’re doing so it can call napi_consume_skb() correctly.
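The context-hint pattern described above, as an added userspace model that is neither kernel code nor the ionic driver's own code. Every `model_*` name is hypothetical and stands in for the kernel behaviour named in the description: the budget check, the softirq warning, and the any-context free.

```c
/* Userspace model, constructed for illustration; not kernel or ionic code. */
#include <stdbool.h>
#include <stdio.h>

static bool model_in_softirq;        /* stands in for in_softirq() */
static int  model_unsafe_cache_puts; /* per-CPU cache touched while preemptible */
static int  model_safe_frees;        /* freed through the any-context path */

/* Models the budget check in napi_consume_skb(): budget 0 means "not NAPI". */
static void model_napi_consume_skb(int budget)
{
    if (budget == 0) {               /* caller signals a non-NAPI context */
        model_safe_frees++;          /* models dev_consume_skb_any() */
        return;
    }
    if (!model_in_softirq)           /* models DEBUG_NET_WARN_ON_ONCE(!in_softirq()) */
        model_unsafe_cache_puts++;   /* the BUG splat case from the description */
    /* else: models napi_skb_cache_put() running safely in softirq */
}

/* Before: the clean routine always claims NAPI context. */
static void model_tx_clean_unhinted(void) { model_napi_consume_skb(1); }

/* After: the caller passes a context hint that selects the budget. */
static void model_tx_clean_hinted(bool in_napi) { model_napi_consume_skb(in_napi ? 1 : 0); }

/* Runs one NAPI poll and one queue-reconfig flush; returns unsafe cache puts. */
int model_run(bool hinted)
{
    model_unsafe_cache_puts = model_safe_frees = 0;

    model_in_softirq = true;         /* NAPI poll: softirq context */
    if (hinted) model_tx_clean_hinted(true); else model_tx_clean_unhinted();

    model_in_softirq = false;        /* ethtool reconfig: preemptible process context */
    if (hinted) model_tx_clean_hinted(false); else model_tx_clean_unhinted();

    return model_unsafe_cache_puts;
}

int model_safe_free_count(void) { return model_safe_frees; }

int main(void)
{
    printf("unhinted: %d unsafe cache put(s)\n", model_run(false));
    printf("hinted:   %d unsafe cache put(s)\n", model_run(true));
    return 0;
}
```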
Reference
https://git.kernel.org/stable/c/ef7646ed49fff962e97b276f4ab91327a67eeb5a
https://git.kernel.org/stable/c/84b767f9e34fdb143c09e66a2a20722fc2921821