In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: don't keep queue frozen during system suspend

Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the motivation is to drain inflight IOs before suspending.

block layer's queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if the queue is frozen in current context. There are all kinds of ->suspend() called in suspend context, so keeping queue frozen in the whole suspend context isn't one good idea. And Marek reported lockdep warning[1] caused by virtio-blk's freeze queue in virtblk_freeze().

[1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/

Given the motivation is to drain in-flight IOs, it can be done by calling freeze & unfreeze, meantime restore to previous behavior by keeping queue quiesced during suspend.
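The description above contrasts two block-layer mechanisms: a frozen queue makes every new submitter sleep in bio_queue_enter() until the queue is unfrozen, while a quiesced queue still accepts submissions and only holds back dispatch. The following is an added, deliberately simplified user-space model written for this page to make that distinction concrete; it is not kernel code, not the virtio-blk patch, and the struct and function names (model_queue, model_bio_queue_enter, suspend_keep_frozen, suspend_drain_then_quiesce) are constructed for illustration. Real freeze/unfreeze also waits for in-flight requests to complete, which the model collapses into a counter reset.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a request queue's PM-relevant state (not kernel code). */
struct model_queue {
    int freeze_depth;           /* >0 after model_freeze(): new entrants must sleep */
    bool quiesced;              /* true after model_quiesce(): accept, but do not dispatch */
    int inflight;               /* requests submitted and being processed */
    int queued_not_dispatched;  /* requests accepted while quiesced */
};

/* Model of bio_queue_enter(): 0 when the submitter gets in, -1 when it
 * would have to sleep until somebody unfreezes the queue. In the real
 * kernel that sleep is the deadlock the description talks about, because
 * the unfreeze would only happen in ->resume(). */
static int model_bio_queue_enter(struct model_queue *q)
{
    if (q->freeze_depth > 0)
        return -1;
    if (q->quiesced)
        q->queued_not_dispatched++;   /* held back until unquiesce */
    else
        q->inflight++;                /* dispatched immediately */
    return 0;
}

/* Model of blk_mq_freeze_queue(): block new entrants and drain in-flight IO. */
static void model_freeze(struct model_queue *q)
{
    q->freeze_depth++;
    q->inflight = 0;                  /* "wait for drain" collapsed into a reset */
}

static void model_unfreeze(struct model_queue *q)
{
    if (q->freeze_depth > 0)
        q->freeze_depth--;
}

static void model_quiesce(struct model_queue *q)   { q->quiesced = true; }

/* Model of the resume side: allow dispatch again and push out what was queued. */
static void model_unquiesce(struct model_queue *q)
{
    q->quiesced = false;
    q->inflight += q->queued_not_dispatched;
    q->queued_not_dispatched = 0;
}

/* Behaviour criticised in the description: freeze in ->suspend() and stay
 * frozen. Returns 1 if a later ->suspend() callback in the same suspend
 * context that issues I/O to this queue would deadlock. */
static int suspend_keep_frozen(struct model_queue *q)
{
    model_freeze(q);
    int rc = model_bio_queue_enter(q);   /* some other driver's ->suspend() does I/O */
    return rc != 0;
}

/* Behaviour of the fix: freeze and immediately unfreeze to drain in-flight
 * IO, then quiesce for the rest of suspend. Later I/O is accepted and parked
 * instead of sleeping on the freeze. Returns 1 only on (unexpected) deadlock. */
static int suspend_drain_then_quiesce(struct model_queue *q)
{
    model_freeze(q);
    model_unfreeze(q);
    model_quiesce(q);
    int rc = model_bio_queue_enter(q);   /* same later I/O from suspend context */
    return rc != 0;
}

int main(void)
{
    struct model_queue a = { 0, false, 3, 0 };   /* constructed: 3 requests in flight */
    struct model_queue b = { 0, false, 3, 0 };

    printf("keep frozen:          deadlock=%d\n", suspend_keep_frozen(&a));
    printf("drain then quiesce:   deadlock=%d parked=%d inflight=%d\n",
           suspend_drain_then_quiesce(&b), b.queued_not_dispatched, b.inflight);

    model_unquiesce(&b);                         /* ->resume() side of the model */
    printf("after unquiesce:      inflight=%d\n", b.inflight);
    return 0;
}
```

Both strategies drain the three in-flight requests before the virtqueues would be deleted; the difference is only what happens to I/O issued later in the same suspend context, which is exactly where the reported lockdep splat came from.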
No PoCs from references.
- https://github.com/oogasawa/Utility-security
- https://github.com/w4zu/Debian_security