cve/published/2024/CVE-2024-26605.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26605: PCI/ASPM: Fix deadlock when enabling ASPM

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 PCI/ASPM: Fix deadlock when enabling ASPM

 A last minute revert in 6.7-final introduced a potential deadlock when
 enabling ASPM during probe of Qualcomm PCIe controllers as reported by
 lockdep:

   ============================================
   WARNING: possible recursive locking detected
   6.7.0 #40 Not tainted
   --------------------------------------------
   kworker/u16:5/90 is trying to acquire lock:
   ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc

               but task is already holding lock:
   ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc

               other info that might help us debug this:
    Possible unsafe locking scenario:

          CPU0
          ----
     lock(pci_bus_sem);
     lock(pci_bus_sem);

                *** DEADLOCK ***

   Call trace:
    print_deadlock_bug+0x25c/0x348
    __lock_acquire+0x10a4/0x2064
    lock_acquire+0x1e8/0x318
    down_read+0x60/0x184
    pcie_aspm_pm_state_change+0x58/0xdc
    pci_set_full_power_state+0xa8/0x114
    pci_set_power_state+0xc4/0x120
    qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]
    pci_walk_bus+0x64/0xbc
    qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]

 The deadlock can easily be reproduced on machines like the Lenovo ThinkPad
 X13s by adding a delay to increase the race window during asynchronous
 probe where another thread can take a write lock.

 Add a new pci_set_power_state_locked() and associated helper functions that
 can be called with the PCI bus semaphore held to avoid taking the read lock
 twice.

 The Linux kernel CVE team has assigned CVE-2024-26605 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.1.72 with commit b9c370b61d735a0e5390c42771e7eb21413f7868 and fixed in 6.1.88 with commit 0f7908a016c092cfdaa16d785fa5099d867bc1a3
 	Issue introduced in 6.6.11 with commit 8cc22ba3f77c59df5f1ac47d62df51efb28cd868 and fixed in 6.6.29 with commit b0f4478838be1f1d330061201898fef65bf8fd7c
 	Issue introduced in 6.7 with commit f93e71aea6c60ebff8adbd8941e678302d377869 and fixed in 6.7.5 with commit ef90508574d7af48420bdc5f7b9a4f1cdd26bc70
 	Issue introduced in 6.7 with commit f93e71aea6c60ebff8adbd8941e678302d377869 and fixed in 6.8 with commit 1e560864159d002b453da42bd2c13a1805515a20
 	Issue introduced in 5.15.147 with commit 1f2f662c8bec75d1311e063efaa9107435cf16c8

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26605
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/pci/bus.c
 	drivers/pci/controller/dwc/pcie-qcom.c
 	drivers/pci/pci.c
 	drivers/pci/pci.h
 	drivers/pci/pcie/aspm.c
 	include/linux/pci.h


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3
 	https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c
 	https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70
 	https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26605: PCI/ASPM: Fix deadlock when enabling ASPM

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	PCI/ASPM: Fix deadlock when enabling ASPM

	A last minute revert in 6.7-final introduced a potential deadlock when
	enabling ASPM during probe of Qualcomm PCIe controllers as reported by
	lockdep:

	============================================
	WARNING: possible recursive locking detected
	6.7.0 #40 Not tainted
	--------------------------------------------
	kworker/u16:5/90 is trying to acquire lock:
	ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc

	but task is already holding lock:
	ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc

	other info that might help us debug this:
	Possible unsafe locking scenario:

	CPU0
	----
	lock(pci_bus_sem);
	lock(pci_bus_sem);

	* DEADLOCK *

	Call trace:
	print_deadlock_bug+0x25c/0x348
	__lock_acquire+0x10a4/0x2064
	lock_acquire+0x1e8/0x318
	down_read+0x60/0x184
	pcie_aspm_pm_state_change+0x58/0xdc
	pci_set_full_power_state+0xa8/0x114
	pci_set_power_state+0xc4/0x120
	qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]
	pci_walk_bus+0x64/0xbc
	qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]

	The deadlock can easily be reproduced on machines like the Lenovo ThinkPad
	X13s by adding a delay to increase the race window during asynchronous
	probe where another thread can take a write lock.

	Add a new pci_set_power_state_locked() and associated helper functions that
	can be called with the PCI bus semaphore held to avoid taking the read lock
	twice.

	The Linux kernel CVE team has assigned CVE-2024-26605 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.1.72 with commit b9c370b61d735a0e5390c42771e7eb21413f7868 and fixed in 6.1.88 with commit 0f7908a016c092cfdaa16d785fa5099d867bc1a3
	Issue introduced in 6.6.11 with commit 8cc22ba3f77c59df5f1ac47d62df51efb28cd868 and fixed in 6.6.29 with commit b0f4478838be1f1d330061201898fef65bf8fd7c
	Issue introduced in 6.7 with commit f93e71aea6c60ebff8adbd8941e678302d377869 and fixed in 6.7.5 with commit ef90508574d7af48420bdc5f7b9a4f1cdd26bc70
	Issue introduced in 6.7 with commit f93e71aea6c60ebff8adbd8941e678302d377869 and fixed in 6.8 with commit 1e560864159d002b453da42bd2c13a1805515a20
	Issue introduced in 5.15.147 with commit 1f2f662c8bec75d1311e063efaa9107435cf16c8

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26605
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/pci/bus.c
	drivers/pci/controller/dwc/pcie-qcom.c
	drivers/pci/pci.c
	drivers/pci/pci.h
	drivers/pci/pcie/aspm.c
	include/linux/pci.h


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3
	https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c
	https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70
	https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20