In the Linux kernel, the following vulnerability has been resolved:

dma-debug: fix a possible deadlock on radix_lock

radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock, otherwise there's a possible deadlock scenario when the dma debug API is called holding rq_lock():

```
CPU0                   CPU1                   CPU2
dma_free_attrs()
check_unmap()          add_dma_entry()        __schedule() //out
                                              (A) rq_lock()
get_hash_bucket()
(A) dma_entry_hash
                                              check_sync()
                       (A) radix_lock()       (W) dma_entry_hash
dma_entry_free()
(W) radix_lock()
                       // CPU2's one
                       (W) rq_lock()
```

The CPU1 situation can happen when it is extending the radix tree and it tries to wake up kswapd via wake_all_kswapd().

The CPU2 situation can happen during perf_event_task_sched_out() (i.e. a dma sync operation is called while deleting a perf_event using etm and etr tmc, which are Arm Coresight hwtracing driver backends).

To remove this possible situation, call dma_entry_free() after put_hash_bucket() in check_unmap().
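The three-CPU scenario above, modelled as a "holds one lock, waits for another" graph and checked for a circular wait, the way a lock-order validator reasons about it. This is an added example, not kernel code and not part of the commit; the enum names, `scenario()` and `has_deadlock_cycle()` are hypothetical, and only the three (A)/(W) pairs are taken from the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Locks named as in the commit message. */
enum lock { DMA_ENTRY_HASH, RADIX_LOCK, RQ_LOCK, NLOCKS };

/* edge[a][b] != 0 means: some CPU waits for lock b while holding lock a. */
struct lock_graph { int edge[NLOCKS][NLOCKS]; };

static void held_then_wait(struct lock_graph *g, enum lock held, enum lock wanted)
{
    g->edge[held][wanted] = 1;
}

/* Depth-first search; state 1 = on the current path, 2 = fully explored. */
static int visit(const struct lock_graph *g, int n, int *state)
{
    state[n] = 1;
    for (int m = 0; m < NLOCKS; m++) {
        if (!g->edge[n][m]) continue;
        if (state[m] == 1) return 1;   /* back edge: circular wait */
        if (state[m] == 0 && visit(g, m, state)) return 1;
    }
    state[n] = 2;
    return 0;
}

int has_deadlock_cycle(const struct lock_graph *g)
{
    int state[NLOCKS] = { 0 };
    for (int n = 0; n < NLOCKS; n++)
        if (state[n] == 0 && visit(g, n, state)) return 1;
    return 0;
}

/* fixed != 0 models check_unmap() calling dma_entry_free() only after
 * put_hash_bucket(), so CPU0 no longer waits for radix_lock under the
 * hash bucket lock. */
struct lock_graph scenario(int fixed)
{
    struct lock_graph g;
    memset(&g, 0, sizeof(g));
    if (!fixed)
        held_then_wait(&g, DMA_ENTRY_HASH, RADIX_LOCK); /* CPU0: check_unmap() */
    held_then_wait(&g, RADIX_LOCK, RQ_LOCK);            /* CPU1: add_dma_entry() */
    held_then_wait(&g, RQ_LOCK, DMA_ENTRY_HASH);        /* CPU2: check_sync() */
    return g;
}
```

Removing the CPU0 edge is enough to break the cycle; the CPU1 and CPU2 orderings are left as they are, which matches the fix touching only check_unmap().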
No PoCs from references.
- https://github.com/w4zu/Debian_security