cve/published/2024/CVE-2024-50249.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50249: ACPI: CPPC: Make rmw_lock a raw_spin_lock

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ACPI: CPPC: Make rmw_lock a raw_spin_lock

 The following BUG was triggered:

 =============================
 [ BUG: Invalid wait context ]
 6.12.0-rc2-XXX #406 Not tainted
 -----------------------------
 kworker/1:1/62 is trying to lock:
 ffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370
 other info that might help us debug this:
 context-{5:5}
 2 locks held by kworker/1:1/62:
   #0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50
   #1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280
 stack backtrace:
 CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406
 Workqueue:  0x0 (events)
 Call trace:
   dump_backtrace+0xa4/0x130
   show_stack+0x20/0x38
   dump_stack_lvl+0x90/0xd0
   dump_stack+0x18/0x28
   __lock_acquire+0x480/0x1ad8
   lock_acquire+0x114/0x310
   _raw_spin_lock+0x50/0x70
   cpc_write+0xcc/0x370
   cppc_set_perf+0xa0/0x3a8
   cppc_cpufreq_fast_switch+0x40/0xc0
   cpufreq_driver_fast_switch+0x4c/0x218
   sugov_update_shared+0x234/0x280
   update_load_avg+0x6ec/0x7b8
   dequeue_entities+0x108/0x830
   dequeue_task_fair+0x58/0x408
   __schedule+0x4f0/0x1070
   schedule+0x54/0x130
   worker_thread+0xc0/0x2e8
   kthread+0x130/0x148
   ret_from_fork+0x10/0x20

 sugov_update_shared() locks a raw_spinlock while cpc_write() locks a
 spinlock.

 To have a correct wait-type order, update rmw_lock to a raw spinlock and
 ensure that interrupts will be disabled on the CPU holding it.

 [ rjw: Changelog edits ]

 The Linux kernel CVE team has assigned CVE-2024-50249 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.15.168 with commit 94e8c988468dafde1d2bfe0532a60a3117f6394b and fixed in 5.15.171 with commit c46d6b02588000c27b7b869388c2c0278bd0d173
 	Issue introduced in 6.1.113 with commit f812ca13a0d3e3aa418da36b66ca40df0d6f9e60 and fixed in 6.1.116 with commit 23039b4aaf1e82e0feea1060834d4ec34262e453
 	Issue introduced in 6.6.54 with commit 8ad28208be7bbe748e90442c45963ddbef0fd1e2 and fixed in 6.6.60 with commit 0eb2b767c42fac61ab23c4063eb456baa4c2c262
 	Issue introduced in 6.11.2 with commit 20cde05aa8bcd7a5ff36a609d813189b7cdbe692 and fixed in 6.11.7 with commit 43b1df48d1e7000a214acd1a81b8012ca8a929c8
 	Issue introduced in 6.10.13 with commit 82cee12ada68dfd438c7faca152dbfe042868743

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50249
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/acpi/cppc_acpi.c
 	include/acpi/cppc_acpi.h


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c46d6b02588000c27b7b869388c2c0278bd0d173
 	https://git.kernel.org/stable/c/23039b4aaf1e82e0feea1060834d4ec34262e453
 	https://git.kernel.org/stable/c/0eb2b767c42fac61ab23c4063eb456baa4c2c262
 	https://git.kernel.org/stable/c/43b1df48d1e7000a214acd1a81b8012ca8a929c8
 	https://git.kernel.org/stable/c/1c10941e34c5fdc0357e46a25bd130d9cf40b925
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50249: ACPI: CPPC: Make rmw_lock a raw_spin_lock

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ACPI: CPPC: Make rmw_lock a raw_spin_lock

	The following BUG was triggered:

	=============================
	[ BUG: Invalid wait context ]
	6.12.0-rc2-XXX #406 Not tainted
	-----------------------------
	kworker/1:1/62 is trying to lock:
	ffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370
	other info that might help us debug this:
	context-{5:5}
	2 locks held by kworker/1:1/62:
	#0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50
	#1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280
	stack backtrace:
	CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406
	Workqueue: 0x0 (events)
	Call trace:
	dump_backtrace+0xa4/0x130
	show_stack+0x20/0x38
	dump_stack_lvl+0x90/0xd0
	dump_stack+0x18/0x28
	__lock_acquire+0x480/0x1ad8
	lock_acquire+0x114/0x310
	_raw_spin_lock+0x50/0x70
	cpc_write+0xcc/0x370
	cppc_set_perf+0xa0/0x3a8
	cppc_cpufreq_fast_switch+0x40/0xc0
	cpufreq_driver_fast_switch+0x4c/0x218
	sugov_update_shared+0x234/0x280
	update_load_avg+0x6ec/0x7b8
	dequeue_entities+0x108/0x830
	dequeue_task_fair+0x58/0x408
	__schedule+0x4f0/0x1070
	schedule+0x54/0x130
	worker_thread+0xc0/0x2e8
	kthread+0x130/0x148
	ret_from_fork+0x10/0x20

	sugov_update_shared() locks a raw_spinlock while cpc_write() locks a
	spinlock.

	To have a correct wait-type order, update rmw_lock to a raw spinlock and
	ensure that interrupts will be disabled on the CPU holding it.

	[ rjw: Changelog edits ]

	The Linux kernel CVE team has assigned CVE-2024-50249 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.15.168 with commit 94e8c988468dafde1d2bfe0532a60a3117f6394b and fixed in 5.15.171 with commit c46d6b02588000c27b7b869388c2c0278bd0d173
	Issue introduced in 6.1.113 with commit f812ca13a0d3e3aa418da36b66ca40df0d6f9e60 and fixed in 6.1.116 with commit 23039b4aaf1e82e0feea1060834d4ec34262e453
	Issue introduced in 6.6.54 with commit 8ad28208be7bbe748e90442c45963ddbef0fd1e2 and fixed in 6.6.60 with commit 0eb2b767c42fac61ab23c4063eb456baa4c2c262
	Issue introduced in 6.11.2 with commit 20cde05aa8bcd7a5ff36a609d813189b7cdbe692 and fixed in 6.11.7 with commit 43b1df48d1e7000a214acd1a81b8012ca8a929c8
	Issue introduced in 6.10.13 with commit 82cee12ada68dfd438c7faca152dbfe042868743

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50249
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/acpi/cppc_acpi.c
	include/acpi/cppc_acpi.h


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c46d6b02588000c27b7b869388c2c0278bd0d173
	https://git.kernel.org/stable/c/23039b4aaf1e82e0feea1060834d4ec34262e453
	https://git.kernel.org/stable/c/0eb2b767c42fac61ab23c4063eb456baa4c2c262
	https://git.kernel.org/stable/c/43b1df48d1e7000a214acd1a81b8012ca8a929c8
	https://git.kernel.org/stable/c/1c10941e34c5fdc0357e46a25bd130d9cf40b925