CVE-2022-48704

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/radeon: add a force flush to delay work when radeon<br /> <br /> Although radeon card fence and wait for gpu to finish processing current batch rings,<br /> there is still a corner case that radeon lockup work queue may not be fully flushed,<br /> and meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to<br /> put device in D3hot state.<br /> Per PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.<br /> &gt; Configuration and Message requests are the only TLPs accepted by a Function in<br /> &gt; the D3hot state. All other received Requests must be handled as Unsupported Requests,<br /> &gt; and all received Completions may optionally be handled as Unexpected Completions.<br /> This issue will happen in following logs:<br /> Unable to handle kernel paging request at virtual address 00008800e0008010<br /> CPU 0 kworker/0:3(131): Oops 0<br /> pc = [] ra = [] ps = 0000 Tainted: G W<br /> pc is at si_gpu_check_soft_reset+0x3c/0x240<br /> ra is at si_dma_is_lockup+0x34/0xd0<br /> v0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000<br /> t2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258<br /> t5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000<br /> s0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018<br /> s3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000<br /> s6 = fff00007ef07bd98<br /> a0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008<br /> a3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338<br /> t8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800<br /> t11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000<br /> gp = ffffffff81d89690 sp = 00000000aa814126<br /> Disabling lock debugging due to kernel taint<br /> Trace:<br /> [] si_dma_is_lockup+0x34/0xd0<br /> [] radeon_fence_check_lockup+0xd0/0x290<br /> [] process_one_work+0x280/0x550<br /> [] worker_thread+0x70/0x7c0<br /> [] worker_thread+0x130/0x7c0<br /> [] kthread+0x200/0x210<br /> [] worker_thread+0x0/0x7c0<br /> [] kthread+0x14c/0x210<br /> [] ret_from_kernel_thread+0x18/0x20<br /> [] kthread+0x0/0x210<br /> Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101<br /> 4821ed21<br /> So force lockup work queue flush to fix this problem.