[SRU][F][PATCH v2 0/5] CVE-2023-52498

Ian Whitfield ian.whitfield at canonical.com
Tue Oct 15 23:30:18 UTC 2024


[Impact]

This patchset resolves multiple deadlock conditions in
drivers/base/power/main.c.

The primary CVE fix addresses a deadlock that happened on system resume
on low-memory hardware configurations. The second deadlock fixed by
this patchset occurs when a device handling a resume or suspend
attempts to unlock a particular mutex while the base calling code has
not yet dropped it.

[Backport]

The top-level fix patch for this CVE had two dependency patches and
conflicts due to missing two other patches. Dependency patches were
applied cleanly. Of the two conflict patches, one was not relevant and
easily resolved with context adjustment. The other conflicting patch
resolved further deadlock conditions which led me to include it in this
patchset. This secondary patch had one conflict, but this was resolved
by adjusting the patch context.

This patchset therefore includes a fix for the original deadlock CVE,
its two dependency patches, and a second deadlock patch.

[Fix]

Noble:  not affected
Jammy:  fixed via stable updates
Focal:  backport
Bionic: not affected
Xenial: not affected
Trusty: not affected

[Test Case]

Compile and boot tested

[Where problems could occur]

This fix affects the majority of users, because it addresses a bug in
the base driver code for managing power. An issue with this fix would
be visible to the user as a system freeze due to deadlock, or possibly
a logged warning of a circular locking dependency.

v2: This version includes a fix patch for a bug introduced in
    2aa36604e824. This is the 2nd patch in the numbered series and adds
    a missing error check.

Rafael J. Wysocki (5):
  PM: sleep: Avoid calling put_device() under dpm_list_mtx
  PM: sleep: Fix error handling in dpm_prepare()
  async: Split async_schedule_node_domain()
  async: Introduce async_schedule_dev_nocall()
  PM: sleep: Fix possible deadlocks in core system-wide PM code

 drivers/base/power/main.c | 229 ++++++++++++++++++++------------------
 include/linux/async.h     |   2 +
 kernel/async.c            |  85 ++++++++++----
 3 files changed, 188 insertions(+), 128 deletions(-)

-- 
2.43.0



