ACK: [SRU][N][PATCH 0/1] CVE-2024-35997
Thibault Ferrante
thibault.ferrante at canonical.com
Wed Jun 26 08:34:26 UTC 2024
On 25-06-2024 19:46, Bethany Jamison wrote:
> [Impact]
>
> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
>
> The flag I2C_HID_READ_PENDING is used to serialize I2C operations.
> However, this is not necessary, because I2C core already has its own
> locking for that.
>
> More importantly, this flag can cause a lock-up: if the flag is set in
> i2c_hid_xfer() and an interrupt happens, the interrupt handler
> (i2c_hid_irq) will check this flag and return immediately without doing
> anything, then the interrupt handler will be invoked again in an
> infinite loop.
>
> Since interrupt handler is an RT task, it takes over the CPU and the
> flag-clearing task never gets scheduled, thus we have a lock-up.
>
> Delete this unnecessary flag.
>
> [Fix]
>
> Noble: Clean cherry-pick from linux-6.8.y
> Jammy: pending
> Focal: pending
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use the HID over I2C protocol
> implementation, an issue with this fix would be visible to the user
> via a system freeze or crash.
>
> Nam Cao (1):
> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
>
> drivers/hid/i2c-hid/i2c-hid-core.c | 9 ---------
> 1 file changed, 9 deletions(-)
>
Acked-by: Thibault Ferrante <thibault.ferrante at canonical.com>
--
Thibault
More information about the kernel-team
mailing list