Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2024 / CVE-2024-43098.mbox
blob: 98f3f5b566fadaa547e66fadc6036c2b8fd82fae [file] [log] [blame]
From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-43098: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
A deadlock may happen since the i3c_master_register() acquires
&i3cbus->lock twice. See the log below.
Use i3cdev->desc->info instead of calling i3c_device_info() to
avoid acquiring the lock twice.
v2:
- Modified the title and commit message
============================================
WARNING: possible recursive locking detected
6.11.0-mainline
--------------------------------------------
init/1 is trying to acquire lock:
f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_bus_normaluse_lock
but task is already holding lock:
f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&i3cbus->lock);
lock(&i3cbus->lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by init/1:
#0: fcffff809b6798f8 (&dev->mutex){....}-{3:3}, at: __driver_attach
#1: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register
stack backtrace:
CPU: 6 UID: 0 PID: 1 Comm: init
Call trace:
dump_backtrace+0xfc/0x17c
show_stack+0x18/0x28
dump_stack_lvl+0x40/0xc0
dump_stack+0x18/0x24
print_deadlock_bug+0x388/0x390
__lock_acquire+0x18bc/0x32ec
lock_acquire+0x134/0x2b0
down_read+0x50/0x19c
i3c_bus_normaluse_lock+0x14/0x24
i3c_device_get_info+0x24/0x58
i3c_device_uevent+0x34/0xa4
dev_uevent+0x310/0x384
kobject_uevent_env+0x244/0x414
kobject_uevent+0x14/0x20
device_add+0x278/0x460
device_register+0x20/0x34
i3c_master_register_new_i3c_devs+0x78/0x154
i3c_master_register+0x6a0/0x6d4
mtk_i3c_master_probe+0x3b8/0x4d8
platform_probe+0xa0/0xe0
really_probe+0x114/0x454
__driver_probe_device+0xa0/0x15c
driver_probe_device+0x3c/0x1ac
__driver_attach+0xc4/0x1f0
bus_for_each_dev+0x104/0x160
driver_attach+0x24/0x34
bus_add_driver+0x14c/0x294
driver_register+0x68/0x104
__platform_driver_register+0x20/0x30
init_module+0x20/0xfe4
do_one_initcall+0x184/0x464
do_init_module+0x58/0x1ec
load_module+0xefc/0x10c8
__arm64_sys_finit_module+0x238/0x33c
invoke_syscall+0x58/0x10c
el0_svc_common+0xa8/0xdc
do_el0_svc+0x1c/0x28
el0_svc+0x50/0xac
el0t_64_sync_handler+0x70/0xbc
el0t_64_sync+0x1a8/0x1ac
The Linux kernel CVE team has assigned CVE-2024-43098 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 5.4.287 with commit 9a2173660ee53d5699744f02e6ab7bf89fcd0b1a
Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 5.10.231 with commit 5ac1dd51aaa0ce8b5421d1137e857955a4b6f55e
Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 5.15.174 with commit 2d98fa2a50b8058de52ada168fa5dbabb574711b
Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.1.120 with commit 816187b1833908941286e71b0041059a4acd52ed
Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.6.66 with commit ffe19e363c6f8b992ba835a361542568dea17409
Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.12.5 with commit 1f51ae217d09c361ede900b94735a6d2df6c0344
Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.13 with commit 6cf7b65f7029914dc0cd7db86fac9ee5159008c6
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-43098
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/i3c/master.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/9a2173660ee53d5699744f02e6ab7bf89fcd0b1a
https://git.kernel.org/stable/c/5ac1dd51aaa0ce8b5421d1137e857955a4b6f55e
https://git.kernel.org/stable/c/2d98fa2a50b8058de52ada168fa5dbabb574711b
https://git.kernel.org/stable/c/816187b1833908941286e71b0041059a4acd52ed
https://git.kernel.org/stable/c/ffe19e363c6f8b992ba835a361542568dea17409
https://git.kernel.org/stable/c/1f51ae217d09c361ede900b94735a6d2df6c0344
https://git.kernel.org/stable/c/6cf7b65f7029914dc0cd7db86fac9ee5159008c6