Message-ID: <2024110936-CVE-2024-50249-0984@gregkh>
Date: Sat,  9 Nov 2024 11:15:57 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-50249: ACPI: CPPC: Make rmw_lock a raw_spin_lock

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Make rmw_lock a raw_spin_lock

The following BUG was triggered:

=============================
[ BUG: Invalid wait context ]
6.12.0-rc2-XXX #406 Not tainted
-----------------------------
kworker/1:1/62 is trying to lock:
ffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370
other info that might help us debug this:
context-{5:5}
2 locks held by kworker/1:1/62:
  #0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50
  #1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280
stack backtrace:
CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406
Workqueue:  0x0 (events)
Call trace:
  dump_backtrace+0xa4/0x130
  show_stack+0x20/0x38
  dump_stack_lvl+0x90/0xd0
  dump_stack+0x18/0x28
  __lock_acquire+0x480/0x1ad8
  lock_acquire+0x114/0x310
  _raw_spin_lock+0x50/0x70
  cpc_write+0xcc/0x370
  cppc_set_perf+0xa0/0x3a8
  cppc_cpufreq_fast_switch+0x40/0xc0
  cpufreq_driver_fast_switch+0x4c/0x218
  sugov_update_shared+0x234/0x280
  update_load_avg+0x6ec/0x7b8
  dequeue_entities+0x108/0x830
  dequeue_task_fair+0x58/0x408
  __schedule+0x4f0/0x1070
  schedule+0x54/0x130
  worker_thread+0xc0/0x2e8
  kthread+0x130/0x148
  ret_from_fork+0x10/0x20

sugov_update_shared() locks a raw_spinlock while cpc_write() locks a
spinlock.

To have a correct wait-type order, update rmw_lock to a raw spinlock and
ensure that interrupts will be disabled on the CPU holding it.

[ rjw: Changelog edits ]

The Linux kernel CVE team has assigned CVE-2024-50249 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.15.168 with commit 94e8c988468d and fixed in 5.15.171 with commit c46d6b025880
	Issue introduced in 6.1.113 with commit f812ca13a0d3 and fixed in 6.1.116 with commit 23039b4aaf1e
	Issue introduced in 6.6.54 with commit 8ad28208be7b and fixed in 6.6.60 with commit 0eb2b767c42f
	Issue introduced in 6.11.2 with commit 20cde05aa8bc and fixed in 6.11.7 with commit 43b1df48d1e7
	Issue introduced in 6.12-rc1 with commit 60949b7b8054 and fixed in 6.12-rc6 with commit 1c10941e34c5
	Issue introduced in 6.10.13 with commit 82cee12ada68

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50249
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/acpi/cppc_acpi.c
	include/acpi/cppc_acpi.h


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/c46d6b02588000c27b7b869388c2c0278bd0d173
	https://git.kernel.org/stable/c/23039b4aaf1e82e0feea1060834d4ec34262e453
	https://git.kernel.org/stable/c/0eb2b767c42fac61ab23c4063eb456baa4c2c262
	https://git.kernel.org/stable/c/43b1df48d1e7000a214acd1a81b8012ca8a929c8
	https://git.kernel.org/stable/c/1c10941e34c5fdc0357e46a25bd130d9cf40b925

Powered by blists - more mailing lists