APPLIED: [SRU Bionic 0/1] UBUNTU: SAUCE: fbdev: remove redundant lock_fb_info
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Wed Oct 5 16:59:02 UTC 2022
Applied to bionic/linux master-next,
I left the commit header and message alone as it mentions the deadlock
which is what we care about.
Thanks!
- Luke
On Fri, Sep 23, 2022 at 3:32 PM Cengiz Can <cengiz.can at canonical.com> wrote:
> BugLink: https://bugs.launchpad.net/bugs/1990690
>
> SRU Justification:
>
> [Impact]
> One of the fixing commits for CVE-2021-33655, commit 159a96b199b4
> ("fbcon: Prevent that screen size is smaller than font size")
> introduced a redundant lock_fb_info line into the ioctl flow in fbmem.c.
>
> Users belonging to video group may trigger a deadlock and potentially
> lock the system.
>
> ```
> ============================================
> WARNING: possible recursive locking detected
> 4.15.0-195-generic #206 Not tainted
> --------------------------------------------
> refresh/1248 is trying to acquire lock:
> (&fb_info->lock){+.+.}, at: [<000000004c154cfe>] lock_fb_info+0x1d/0x40
>
> but task is already holding lock:
> (&fb_info->lock){+.+.}, at: [<000000004c154cfe>] lock_fb_info+0x1d/0x40
>
> other info that might help us debug this:
> Possible unsafe locking scenario:
> CPU0
> ----
> lock(&fb_info->lock);
> lock(&fb_info->lock);
>
> *** DEADLOCK ***
> May be due to missing lock nesting notation
> 2 locks held by refresh/1248:
> #0: (console_lock){+.+.}, at: [<000000008000aa2b>]
> do_fb_ioctl+0x435/0x5e0
> #1: (&fb_info->lock){+.+.}, at: [<000000004c154cfe>]
> lock_fb_info+0x1d/0x40
> ```
>
> [Test case]
> Ran a sample framebuffer userspace test which calls FBIOPUT_VSCREENINFO.
>
> Verified that deadlock is producible.
>
> After removing redundant lock_fb_info, same test program no longer
> causes a deadlock.
>
> [Potential regressions]
> There are no new potential regressions.
>
> Cengiz Can (1):
> UBUNTU: SAUCE: fbdev: remove redundant lock_fb_info
>
> drivers/video/fbdev/core/fbmem.c | 1 -
> 1 file changed, 1 deletion(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20221005/cb06ccd4/attachment-0001.html>
More information about the kernel-team
mailing list