A vulnerability in the Linux kernel has been resolved recently. The vulnerability was in the core system-wide Power Management (PM) code and was causing deadlocks during resume operations in low-memory situations. The Linux kernel developers have addressed the problem by modifying the code and improving the handling of such scenarios. This post will discuss the details of the fix, the issues it addresses, and provide some code snippets to illustrate the changes.
Original References
- Linux Kernel Mailing List - PM: sleep: Fix possible deadlocks
- Power Management Documentation
Vulnerability Details
The system-wide resume core code in Linux kernel was experiencing deadlocks due to improper handling of low-memory situations. The issue was caused by the async_schedule_dev() function, which attempts to execute its argument function synchronously when it cannot allocate memory (and in some other scenarios). When executed synchronously, the function tries to acquire a mutex that is already held, causing a deadlock.
Moreover, executing the argument function synchronously within dpm_async_fn() had negative consequences for device ordering. For example, it could result in a consumer device's resume callback being invoked before the requisite supplier device's resume callback.
The Fix
To address the deadlock and device ordering issues, the developers changed the code in question to use the async_schedule_dev_nocall() function for scheduling the asynchronous execution of device suspend and resume functions. If async_schedule_dev_nocall() returns false, it indicates that the system should run them synchronously instead.
Here is the code snippet showing the changes made to async_schedule_dev()
void dpm_async_fn(struct device *dev, void (*func)(struct device *))
{
if (!async_schedule_dev_nocall(func, dev)) {
dev_dbg(dev, "executing %ps() directly\n", func);
func(dev);
}
}
By using async_schedule_dev_nocall() with this modification, the function only schedules async execution for device suspend and resume functions. If it returns false, the function is called directly (and synchronously) without any chances of deadlock or device ordering issues.
Conclusion
The CVE-2023-52498 vulnerability has been resolved in the Linux kernel, which affected its core system-wide Power Management code. This fix comes as a relief for those who might have been encountering deadlocks due to low-memory situations or improper device ordering during resume operations. Users are advised to update their Linux kernel to incorporate this change and enjoy a smoother, deadlock-free experience in their systems.
Timeline
Published on: 03/11/2024 18:15:17 UTC
Last modified on: 03/12/2024 12:40:13 UTC