CVE-2023-54013 (GCVE-0-2023-54013)

Vulnerability from cvelistv5 – Published: 2025-12-24 10:55 – Updated: 2025-12-24 10:55
VLAI?
Title
interconnect: Fix locking for runpm vs reclaim
Summary
In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where icc_bw_set() can be called in callbaths that could deadlock against shrinker/reclaim, such as runpm resume, we need to decouple the icc locking. Introduce a new icc_bw_lock for cases where we need to serialize bw aggregation and update to decouple that from paths that require memory allocation such as node/link creation/ destruction. Fixes this lockdep splat: ====================================================== WARNING: possible circular locking dependency detected 6.2.0-rc8-debug+ #554 Not tainted ------------------------------------------------------ ring0/132 is trying to acquire lock: ffffff80871916d0 (&gmu->lock){+.+.}-{3:3}, at: a6xx_pm_resume+0xf0/0x234 but task is already holding lock: ffffffdb5aee57e8 (dma_fence_map){++++}-{0:0}, at: msm_job_run+0x68/0x150 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (dma_fence_map){++++}-{0:0}: __dma_fence_might_wait+0x74/0xc0 dma_resv_lockdep+0x1f4/0x2f4 do_one_initcall+0x104/0x2bc kernel_init_freeable+0x344/0x34c kernel_init+0x30/0x134 ret_from_fork+0x10/0x20 -> #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}: fs_reclaim_acquire+0x80/0xa8 slab_pre_alloc_hook.constprop.0+0x40/0x25c __kmem_cache_alloc_node+0x60/0x1cc __kmalloc+0xd8/0x100 topology_parse_cpu_capacity+0x8c/0x178 get_cpu_for_node+0x88/0xc4 parse_cluster+0x1b0/0x28c parse_cluster+0x8c/0x28c init_cpu_topology+0x168/0x188 smp_prepare_cpus+0x24/0xf8 kernel_init_freeable+0x18c/0x34c kernel_init+0x30/0x134 ret_from_fork+0x10/0x20 -> #2 (fs_reclaim){+.+.}-{0:0}: __fs_reclaim_acquire+0x3c/0x48 fs_reclaim_acquire+0x54/0xa8 slab_pre_alloc_hook.constprop.0+0x40/0x25c __kmem_cache_alloc_node+0x60/0x1cc __kmalloc+0xd8/0x100 kzalloc.constprop.0+0x14/0x20 icc_node_create_nolock+0x4c/0xc4 icc_node_create+0x38/0x58 qcom_icc_rpmh_probe+0x1b8/0x248 platform_probe+0x70/0xc4 really_probe+0x158/0x290 __driver_probe_device+0xc8/0xe0 driver_probe_device+0x44/0x100 __driver_attach+0xf8/0x108 bus_for_each_dev+0x78/0xc4 driver_attach+0x2c/0x38 bus_add_driver+0xd0/0x1d8 driver_register+0xbc/0xf8 __platform_driver_register+0x30/0x3c qnoc_driver_init+0x24/0x30 do_one_initcall+0x104/0x2bc kernel_init_freeable+0x344/0x34c kernel_init+0x30/0x134 ret_from_fork+0x10/0x20 -> #1 (icc_lock){+.+.}-{3:3}: __mutex_lock+0xcc/0x3c8 mutex_lock_nested+0x30/0x44 icc_set_bw+0x88/0x2b4 _set_opp_bw+0x8c/0xd8 _set_opp+0x19c/0x300 dev_pm_opp_set_opp+0x84/0x94 a6xx_gmu_resume+0x18c/0x804 a6xx_pm_resume+0xf8/0x234 adreno_runtime_resume+0x2c/0x38 pm_generic_runtime_resume+0x30/0x44 __rpm_callback+0x15c/0x174 rpm_callback+0x78/0x7c rpm_resume+0x318/0x524 __pm_runtime_resume+0x78/0xbc adreno_load_gpu+0xc4/0x17c msm_open+0x50/0x120 drm_file_alloc+0x17c/0x228 drm_open_helper+0x74/0x118 drm_open+0xa0/0x144 drm_stub_open+0xd4/0xe4 chrdev_open+0x1b8/0x1e4 do_dentry_open+0x2f8/0x38c vfs_open+0x34/0x40 path_openat+0x64c/0x7b4 do_filp_open+0x54/0xc4 do_sys_openat2+0x9c/0x100 do_sys_open+0x50/0x7c __arm64_sys_openat+0x28/0x34 invoke_syscall+0x8c/0x128 el0_svc_common.constprop.0+0xa0/0x11c do_el0_ ---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2f3a124696d43de3c837f87a9f767c56ee86cf2a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < af42269c3523492d71ebbe11fefae2653e9cdc78 (git)
Create a notification for this product.
    Linux Linux Unaffected: 6.5.5 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/interconnect/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2f3a124696d43de3c837f87a9f767c56ee86cf2a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "af42269c3523492d71ebbe11fefae2653e9cdc78",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/interconnect/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Fix locking for runpm vs reclaim\n\nFor cases where icc_bw_set() can be called in callbaths that could\ndeadlock against shrinker/reclaim, such as runpm resume, we need to\ndecouple the icc locking.  Introduce a new icc_bw_lock for cases where\nwe need to serialize bw aggregation and update to decouple that from\npaths that require memory allocation such as node/link creation/\ndestruction.\n\nFixes this lockdep splat:\n\n   ======================================================\n   WARNING: possible circular locking dependency detected\n   6.2.0-rc8-debug+ #554 Not tainted\n   ------------------------------------------------------\n   ring0/132 is trying to acquire lock:\n   ffffff80871916d0 (\u0026gmu-\u003elock){+.+.}-{3:3}, at: a6xx_pm_resume+0xf0/0x234\n\n   but task is already holding lock:\n   ffffffdb5aee57e8 (dma_fence_map){++++}-{0:0}, at: msm_job_run+0x68/0x150\n\n   which lock already depends on the new lock.\n\n   the existing dependency chain (in reverse order) is:\n\n   -\u003e #4 (dma_fence_map){++++}-{0:0}:\n          __dma_fence_might_wait+0x74/0xc0\n          dma_resv_lockdep+0x1f4/0x2f4\n          do_one_initcall+0x104/0x2bc\n          kernel_init_freeable+0x344/0x34c\n          kernel_init+0x30/0x134\n          ret_from_fork+0x10/0x20\n\n   -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n          fs_reclaim_acquire+0x80/0xa8\n          slab_pre_alloc_hook.constprop.0+0x40/0x25c\n          __kmem_cache_alloc_node+0x60/0x1cc\n          __kmalloc+0xd8/0x100\n          topology_parse_cpu_capacity+0x8c/0x178\n          get_cpu_for_node+0x88/0xc4\n          parse_cluster+0x1b0/0x28c\n          parse_cluster+0x8c/0x28c\n          init_cpu_topology+0x168/0x188\n          smp_prepare_cpus+0x24/0xf8\n          kernel_init_freeable+0x18c/0x34c\n          kernel_init+0x30/0x134\n          ret_from_fork+0x10/0x20\n\n   -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n          __fs_reclaim_acquire+0x3c/0x48\n          fs_reclaim_acquire+0x54/0xa8\n          slab_pre_alloc_hook.constprop.0+0x40/0x25c\n          __kmem_cache_alloc_node+0x60/0x1cc\n          __kmalloc+0xd8/0x100\n          kzalloc.constprop.0+0x14/0x20\n          icc_node_create_nolock+0x4c/0xc4\n          icc_node_create+0x38/0x58\n          qcom_icc_rpmh_probe+0x1b8/0x248\n          platform_probe+0x70/0xc4\n          really_probe+0x158/0x290\n          __driver_probe_device+0xc8/0xe0\n          driver_probe_device+0x44/0x100\n          __driver_attach+0xf8/0x108\n          bus_for_each_dev+0x78/0xc4\n          driver_attach+0x2c/0x38\n          bus_add_driver+0xd0/0x1d8\n          driver_register+0xbc/0xf8\n          __platform_driver_register+0x30/0x3c\n          qnoc_driver_init+0x24/0x30\n          do_one_initcall+0x104/0x2bc\n          kernel_init_freeable+0x344/0x34c\n          kernel_init+0x30/0x134\n          ret_from_fork+0x10/0x20\n\n   -\u003e #1 (icc_lock){+.+.}-{3:3}:\n          __mutex_lock+0xcc/0x3c8\n          mutex_lock_nested+0x30/0x44\n          icc_set_bw+0x88/0x2b4\n          _set_opp_bw+0x8c/0xd8\n          _set_opp+0x19c/0x300\n          dev_pm_opp_set_opp+0x84/0x94\n          a6xx_gmu_resume+0x18c/0x804\n          a6xx_pm_resume+0xf8/0x234\n          adreno_runtime_resume+0x2c/0x38\n          pm_generic_runtime_resume+0x30/0x44\n          __rpm_callback+0x15c/0x174\n          rpm_callback+0x78/0x7c\n          rpm_resume+0x318/0x524\n          __pm_runtime_resume+0x78/0xbc\n          adreno_load_gpu+0xc4/0x17c\n          msm_open+0x50/0x120\n          drm_file_alloc+0x17c/0x228\n          drm_open_helper+0x74/0x118\n          drm_open+0xa0/0x144\n          drm_stub_open+0xd4/0xe4\n          chrdev_open+0x1b8/0x1e4\n          do_dentry_open+0x2f8/0x38c\n          vfs_open+0x34/0x40\n          path_openat+0x64c/0x7b4\n          do_filp_open+0x54/0xc4\n          do_sys_openat2+0x9c/0x100\n          do_sys_open+0x50/0x7c\n          __arm64_sys_openat+0x28/0x34\n          invoke_syscall+0x8c/0x128\n          el0_svc_common.constprop.0+0xa0/0x11c\n          do_el0_\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:55:45.518Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2f3a124696d43de3c837f87a9f767c56ee86cf2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/af42269c3523492d71ebbe11fefae2653e9cdc78"
        }
      ],
      "title": "interconnect: Fix locking for runpm vs reclaim",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54013",
    "datePublished": "2025-12-24T10:55:45.518Z",
    "dateReserved": "2025-12-24T10:53:46.178Z",
    "dateUpdated": "2025-12-24T10:55:45.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54013\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T11:15:54.270\",\"lastModified\":\"2025-12-29T15:58:56.260\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ninterconnect: Fix locking for runpm vs reclaim\\n\\nFor cases where icc_bw_set() can be called in callbaths that could\\ndeadlock against shrinker/reclaim, such as runpm resume, we need to\\ndecouple the icc locking.  Introduce a new icc_bw_lock for cases where\\nwe need to serialize bw aggregation and update to decouple that from\\npaths that require memory allocation such as node/link creation/\\ndestruction.\\n\\nFixes this lockdep splat:\\n\\n   ======================================================\\n   WARNING: possible circular locking dependency detected\\n   6.2.0-rc8-debug+ #554 Not tainted\\n   ------------------------------------------------------\\n   ring0/132 is trying to acquire lock:\\n   ffffff80871916d0 (\u0026gmu-\u003elock){+.+.}-{3:3}, at: a6xx_pm_resume+0xf0/0x234\\n\\n   but task is already holding lock:\\n   ffffffdb5aee57e8 (dma_fence_map){++++}-{0:0}, at: msm_job_run+0x68/0x150\\n\\n   which lock already depends on the new lock.\\n\\n   the existing dependency chain (in reverse order) is:\\n\\n   -\u003e #4 (dma_fence_map){++++}-{0:0}:\\n          __dma_fence_might_wait+0x74/0xc0\\n          dma_resv_lockdep+0x1f4/0x2f4\\n          do_one_initcall+0x104/0x2bc\\n          kernel_init_freeable+0x344/0x34c\\n          kernel_init+0x30/0x134\\n          ret_from_fork+0x10/0x20\\n\\n   -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\\n          fs_reclaim_acquire+0x80/0xa8\\n          slab_pre_alloc_hook.constprop.0+0x40/0x25c\\n          __kmem_cache_alloc_node+0x60/0x1cc\\n          __kmalloc+0xd8/0x100\\n          topology_parse_cpu_capacity+0x8c/0x178\\n          get_cpu_for_node+0x88/0xc4\\n          parse_cluster+0x1b0/0x28c\\n          parse_cluster+0x8c/0x28c\\n          init_cpu_topology+0x168/0x188\\n          smp_prepare_cpus+0x24/0xf8\\n          kernel_init_freeable+0x18c/0x34c\\n          kernel_init+0x30/0x134\\n          ret_from_fork+0x10/0x20\\n\\n   -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\\n          __fs_reclaim_acquire+0x3c/0x48\\n          fs_reclaim_acquire+0x54/0xa8\\n          slab_pre_alloc_hook.constprop.0+0x40/0x25c\\n          __kmem_cache_alloc_node+0x60/0x1cc\\n          __kmalloc+0xd8/0x100\\n          kzalloc.constprop.0+0x14/0x20\\n          icc_node_create_nolock+0x4c/0xc4\\n          icc_node_create+0x38/0x58\\n          qcom_icc_rpmh_probe+0x1b8/0x248\\n          platform_probe+0x70/0xc4\\n          really_probe+0x158/0x290\\n          __driver_probe_device+0xc8/0xe0\\n          driver_probe_device+0x44/0x100\\n          __driver_attach+0xf8/0x108\\n          bus_for_each_dev+0x78/0xc4\\n          driver_attach+0x2c/0x38\\n          bus_add_driver+0xd0/0x1d8\\n          driver_register+0xbc/0xf8\\n          __platform_driver_register+0x30/0x3c\\n          qnoc_driver_init+0x24/0x30\\n          do_one_initcall+0x104/0x2bc\\n          kernel_init_freeable+0x344/0x34c\\n          kernel_init+0x30/0x134\\n          ret_from_fork+0x10/0x20\\n\\n   -\u003e #1 (icc_lock){+.+.}-{3:3}:\\n          __mutex_lock+0xcc/0x3c8\\n          mutex_lock_nested+0x30/0x44\\n          icc_set_bw+0x88/0x2b4\\n          _set_opp_bw+0x8c/0xd8\\n          _set_opp+0x19c/0x300\\n          dev_pm_opp_set_opp+0x84/0x94\\n          a6xx_gmu_resume+0x18c/0x804\\n          a6xx_pm_resume+0xf8/0x234\\n          adreno_runtime_resume+0x2c/0x38\\n          pm_generic_runtime_resume+0x30/0x44\\n          __rpm_callback+0x15c/0x174\\n          rpm_callback+0x78/0x7c\\n          rpm_resume+0x318/0x524\\n          __pm_runtime_resume+0x78/0xbc\\n          adreno_load_gpu+0xc4/0x17c\\n          msm_open+0x50/0x120\\n          drm_file_alloc+0x17c/0x228\\n          drm_open_helper+0x74/0x118\\n          drm_open+0xa0/0x144\\n          drm_stub_open+0xd4/0xe4\\n          chrdev_open+0x1b8/0x1e4\\n          do_dentry_open+0x2f8/0x38c\\n          vfs_open+0x34/0x40\\n          path_openat+0x64c/0x7b4\\n          do_filp_open+0x54/0xc4\\n          do_sys_openat2+0x9c/0x100\\n          do_sys_open+0x50/0x7c\\n          __arm64_sys_openat+0x28/0x34\\n          invoke_syscall+0x8c/0x128\\n          el0_svc_common.constprop.0+0xa0/0x11c\\n          do_el0_\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2f3a124696d43de3c837f87a9f767c56ee86cf2a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/af42269c3523492d71ebbe11fefae2653e9cdc78\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.