In recent updates to the Linux kernel, a vulnerability concerning PCI/ASPM (Active State Power Management) has been resolved. The issue was a potential deadlock when ASPM is enabled during the probe of Qualcomm PCIe controllers, as reported by lockdep. For those unfamiliar, a deadlock in this context is a situation in which tasks can no longer make progress because each is waiting on a resource held by another.

kworker/u16:5/90 is trying to acquire lock:
ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc

but task is already holding lock:
ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc

The deadlock is a recursive acquisition of the pci_bus_sem read-write semaphore: pcie_aspm_pm_state_change() takes it a second time while the first hold from pci_walk_bus() is still active, as the lockdep report above shows. If another thread queues for the write lock between the two acquisitions, the second read blocks behind the waiting writer, which in turn cannot proceed until the first read is released. This particular bug could easily be reproduced on machines like the Lenovo ThinkPad X13s by adding a delay that widens the race window during asynchronous probe, thus allowing another thread to take the write lock.

To address this issue and avoid the potential deadlock, a new pci_set_power_state_locked() function and its related helper functions were introduced. These functions can be called with the PCI bus semaphore already held, so the callback no longer takes the semaphore a second time and the problematic recursive lock acquisition is avoided.
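As an added illustration, not kernel code, the following toy model in C reproduces the nested read acquisition from the lockdep report and the "_locked" helper split used by the fix; bus_sem, walk_bus() and the set_power_state*() names are hypothetical stand-ins for the kernel API.

```c
/* Added example, not kernel code: a toy model of the nested pci_bus_sem
 * read-acquisition in the lockdep report above and of the "_locked"
 * helper split used by the fix. bus_sem, walk_bus() and the
 * set_power_state*() names are hypothetical stand-ins. */
struct toy_rwsem { int read_depth; int recursion; };
static struct toy_rwsem bus_sem;   /* models pci_bus_sem */
static int power_state;

/* A second down_read() by a task that still holds the first would block
 * behind any queued writer, hanging the kworker. Flag it like lockdep. */
static int down_read(struct toy_rwsem *s)
{
    if (s->read_depth > 0) {
        s->recursion = 1;
        return -1;
    }
    s->read_depth++;
    return 0;
}
static void up_read(struct toy_rwsem *s) { s->read_depth--; }

/* Fix: variant that expects the caller to hold bus_sem already. */
static void set_power_state_locked(int state) { power_state = state; }

/* Pre-fix path: takes bus_sem itself, so it must not run under it. */
static int set_power_state(int state)
{
    if (down_read(&bus_sem)) return -1;
    set_power_state_locked(state);
    up_read(&bus_sem);
    return 0;
}

/* pci_walk_bus()-style walker: holds bus_sem for reading around cb. */
static int walk_bus(int (*cb)(int))
{
    int rc;
    if (down_read(&bus_sem)) return -1;
    rc = cb(3);                 /* constructed: callback enters D3 */
    up_read(&bus_sem);
    return rc;
}

int aspm_cb_buggy(int state) { return set_power_state(state); }
int aspm_cb_fixed(int state) { set_power_state_locked(state); return 0; }
int current_power_state(void) { return power_state; }

/* Walk once with a clean semaphore; returns 1 if recursion was hit. */
int walk_recurses(int (*cb)(int))
{
    bus_sem.read_depth = bus_sem.recursion = 0;
    walk_bus(cb);
    return bus_sem.recursion;
}
```

walk_recurses(aspm_cb_buggy) flags the nested acquisition, while walk_recurses(aspm_cb_fixed) completes the walk without it.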

For full details about this vulnerability, the original references, and the proposed fix, visit the following links:
- Linux kernel mailing list discussion
- Proposed patch and commentary

In conclusion, CVE-2024-26605 addresses a vulnerability in the Linux kernel's PCI/ASPM implementation, resolving a potential deadlock when enabling ASPM during the probe of Qualcomm PCIe controllers. The fix introduces functions that can be called while the PCI bus semaphore is already held, thereby avoiding the recursive lock acquisition that led to the deadlock.

Timeline

Published on: 02/26/2024 16:28:00 UTC
Last modified on: 04/17/2024 17:47:46 UTC