Action not permitted
Modal body text goes here.
gsd-2024-27004
Vulnerability from gsd
Modified
2024-02-20 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-27004" ], "id": "GSD-2024-27004", "modified": "2024-02-20T06:02:29.342472Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2024-27004", "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } } } }
cve-2024-27004
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2024-08-02 00:21
Severity
Summary
clk: Get runtime PM before walking tree during disable_unused
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27004", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:40:33.489522Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T17:46:18.836Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:21:05.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/clk/clk.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "253ab38d1ee6", "status": "affected", "version": "9a34b45397e5", "versionType": "git" }, { "lessThan": "4af115f1a20a", "status": "affected", "version": "9a34b45397e5", "versionType": "git" }, { "lessThan": "a29ec0465dce", "status": "affected", "version": "9a34b45397e5", "versionType": "git" }, { "lessThan": "a424e713e0cc", "status": "affected", "version": "9a34b45397e5", "versionType": "git" }, { "lessThan": "60ff482c4205", "status": "affected", "version": "9a34b45397e5", "versionType": "git" }, { "lessThan": "115554862294", "status": "affected", "version": "9a34b45397e5", "versionType": "git" }, { "lessThan": "e581cf5d2162", "status": "affected", "version": "9a34b45397e5", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/clk/clk.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.15" }, { "lessThan": "4.15", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.275", "versionType": "custom" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.216", "versionType": "custom" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.157", "versionType": "custom" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.88", "versionType": "custom" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.29", "versionType": "custom" }, { "lessThanOrEqual": "6.8.*", "status": "unaffected", "version": "6.8.8", "versionType": "custom" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree during disable_unused\n\nDoug reported [1] the following hung task:\n\n INFO: task swapper/0:1 blocked for more than 122 seconds.\n Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008\n Call trace:\n __switch_to+0xf4/0x1f4\n __schedule+0x418/0xb80\n schedule+0x5c/0x10c\n rpm_resume+0xe0/0x52c\n rpm_resume+0x178/0x52c\n __pm_runtime_resume+0x58/0x98\n clk_pm_runtime_get+0x30/0xb0\n clk_disable_unused_subtree+0x58/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused+0x4c/0xe4\n do_one_initcall+0xcc/0x2d8\n do_initcall_level+0xa4/0x148\n do_initcalls+0x5c/0x9c\n do_basic_setup+0x24/0x30\n kernel_init_freeable+0xec/0x164\n kernel_init+0x28/0x120\n ret_from_fork+0x10/0x20\n INFO: task kworker/u16:0:9 blocked for more than 122 seconds.\n Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n __switch_to+0xf4/0x1f4\n __schedule+0x418/0xb80\n schedule+0x5c/0x10c\n schedule_preempt_disabled+0x2c/0x48\n __mutex_lock+0x238/0x488\n __mutex_lock_slowpath+0x1c/0x28\n mutex_lock+0x50/0x74\n clk_prepare_lock+0x7c/0x9c\n clk_core_prepare_lock+0x20/0x44\n clk_prepare+0x24/0x30\n clk_bulk_prepare+0x40/0xb0\n mdss_runtime_resume+0x54/0x1c8\n pm_generic_runtime_resume+0x30/0x44\n __genpd_runtime_resume+0x68/0x7c\n genpd_runtime_resume+0x108/0x1f4\n __rpm_callback+0x84/0x144\n rpm_callback+0x30/0x88\n rpm_resume+0x1f4/0x52c\n rpm_resume+0x178/0x52c\n __pm_runtime_resume+0x58/0x98\n __device_attach+0xe0/0x170\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x3c/0x9c\n device_add+0x644/0x814\n mipi_dsi_device_register_full+0xe4/0x170\n devm_mipi_dsi_device_register_full+0x28/0x70\n ti_sn_bridge_probe+0x1dc/0x2c0\n auxiliary_bus_probe+0x4c/0x94\n really_probe+0xcc/0x2c8\n __driver_probe_device+0xa8/0x130\n driver_probe_device+0x48/0x110\n __device_attach_driver+0xa4/0xcc\n bus_for_each_drv+0x8c/0xd8\n __device_attach+0xf8/0x170\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x3c/0x9c\n deferred_probe_work_func+0x9c/0xd8\n process_one_work+0x148/0x518\n worker_thread+0x138/0x350\n kthread+0x138/0x1e0\n ret_from_fork+0x10/0x20\n\nThe first thread is walking the clk tree and calling\nclk_pm_runtime_get() to power on devices required to read the clk\nhardware via struct clk_ops::is_enabled(). This thread holds the clk\nprepare_lock, and is trying to runtime PM resume a device, when it finds\nthat the device is in the process of resuming so the thread schedule()s\naway waiting for the device to finish resuming before continuing. The\nsecond thread is runtime PM resuming the same device, but the runtime\nresume callback is calling clk_prepare(), trying to grab the\nprepare_lock waiting on the first thread.\n\nThis is a classic ABBA deadlock. To properly fix the deadlock, we must\nnever runtime PM resume or suspend a device with the clk prepare_lock\nheld. Actually doing that is near impossible today because the global\nprepare_lock would have to be dropped in the middle of the tree, the\ndevice runtime PM resumed/suspended, and then the prepare_lock grabbed\nagain to ensure consistency of the clk tree topology. If anything\nchanges with the clk tree in the meantime, we\u0027ve lost and will need to\nstart the operation all over again.\n\nLuckily, most of the time we\u0027re simply incrementing or decrementing the\nruntime PM count on an active device, so we don\u0027t have the chance to\nschedule away with the prepare_lock held. Let\u0027s fix this immediate\nproblem that can be\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-05-29T05:26:51.608Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba" }, { "url": "https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123" }, { "url": "https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034" }, { "url": "https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc" }, { "url": "https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5" }, { "url": "https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c" }, { "url": "https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "clk: Get runtime PM before walking tree during disable_unused", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-27004", "datePublished": "2024-05-01T05:28:54.684Z", "dateReserved": "2024-02-19T14:20:24.207Z", "dateUpdated": "2024-08-02T00:21:05.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...