漏洞标题
spi: 太阳6I: 修复DMA接收传输完成和RXFIFO排水之间的竞态条件
漏洞描述信息
在Linux内核中,已经解决了以下漏洞:
spi: sun6i: 修复DMA接收模式中的竞争条件。仅在中断模式下将RX FIFO排空。
此外,在DMA模式下,等待RX DMA传输完成后再返回,以确保所有数据已复制到提供的内存缓冲区中。
:
:
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
漏洞类别
使用共享资源的并发执行不恰当同步问题(竞争条件)
漏洞标题
spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved:
spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
Previously the transfer complete IRQ immediately drained to RX FIFO to
read any data remaining in FIFO to the RX buffer. This behaviour is
correct when dealing with SPI in interrupt mode. However in DMA mode the
transfer complete interrupt still fires as soon as all bytes to be
transferred have been stored in the FIFO. At that point data in the FIFO
still needs to be picked up by the DMA engine. Thus the drain procedure
and DMA engine end up racing to read from RX FIFO, corrupting any data
read. Additionally the RX buffer pointer is never adjusted according to
DMA progress in DMA mode, thus calling the RX FIFO drain procedure in DMA
mode is a bug.
Fix corruptions in DMA RX mode by draining RX FIFO only in interrupt mode.
Also wait for completion of RX DMA when in DMA mode before returning to
ensure all data has been copied to the supplied memory buffer.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Linux kernel 安全漏洞
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于DMA RX 传输完成和 RX FIFO 耗尽之间存在竞争。
CVSS信息
N/A
漏洞类别
其他