[SRU][N][PATCH 0/1] CVE-2024-35997
Bethany Jamison
bethany.jamison at canonical.com
Tue Jun 25 17:46:06 UTC 2024
[Impact]
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
The flag I2C_HID_READ_PENDING is used to serialize I2C operations.
However, this is not necessary, because I2C core already has its own
locking for that.
More importantly, this flag can cause a lock-up: if the flag is set in
i2c_hid_xfer() and an interrupt happens, the interrupt handler
(i2c_hid_irq) will check this flag and return immediately without doing
anything, then the interrupt handler will be invoked again in an
infinite loop.
Since interrupt handler is an RT task, it takes over the CPU and the
flag-clearing task never gets scheduled, thus we have a lock-up.
Delete this unnecessary flag.
[Fix]
Noble: Clean cherry-pick from linux-6.8.y
Jammy: pending
Focal: pending
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: not going to be fixed by us
[Test Case]
Compile and boot tested.
[Where problems could occur]
This fix affects those who use the HID over I2C protocol
implementation, an issue with this fix would be visible to the user
via a system freeze or crash.
Nam Cao (1):
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
drivers/hid/i2c-hid/i2c-hid-core.c | 9 ---------
1 file changed, 9 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list