CVE-2022-49309

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()

There is a deadlock in rtw_surveydone_event_callback(),
which is shown below:

   (Thread 1)                  |      (Thread 2)
                               | _set_timer()
rtw_surveydone_event_callback()|  mod_timer()
 spin_lock_bh() //(1)          |  (wait a time)
 ...                           | rtw_scan_timeout_handler()
 del_timer_sync()              |  spin_lock_bh() //(2)
 (wait timer to stop)          |  ...

We hold pmlmepriv->lock in position (1) of thread 1 and use
del_timer_sync() to wait for the timer to stop, but the timer handler
also needs pmlmepriv->lock in position (2) of thread 2.
As a result, rtw_surveydone_event_callback() will block forever.

This patch extracts del_timer_sync() from the protection of
spin_lock_bh(), which could let the timer handler obtain
the needed lock. What's more, we change spin_lock_bh() in
rtw_scan_timeout_handler() to spin_lock_irq(). Otherwise,
spin_lock_bh() will also cause deadlock() in the timer handler.
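
The lock ordering described above, as a user-space model added here for illustration (not code from the kernel or from the patch). Python threads stand in for the timer and pmlmepriv->lock, the names survey_done and scan_timeout_handler are hypothetical, a bounded join stands in for del_timer_sync() blocking forever, and the spin_lock_irq() change in the handler is not modelled.

```python
import threading


def survey_done(join_under_lock: bool, wait: float = 0.5) -> bool:
    """Model of the callback; returns True if the timer handler finished
    while the callback was waiting for it, False if the wait timed out."""
    lock = threading.Lock()       # stands in for pmlmepriv->lock
    fired = threading.Event()     # set once the timer handler is running

    def scan_timeout_handler():   # models rtw_scan_timeout_handler()
        fired.set()
        with lock:                # position (2): handler needs the same lock
            pass

    timer = threading.Thread(target=scan_timeout_handler, daemon=True)

    lock.acquire()                # position (1): callback takes the lock
    timer.start()                 # the timer expires while the lock is held
    fired.wait()

    if join_under_lock:
        # Pre-patch order: wait for the handler while still holding the lock.
        timer.join(wait)          # the real del_timer_sync() never returns here
        finished = not timer.is_alive()
        lock.release()            # released only so the model can clean up
        timer.join()
    else:
        # Patched order: the wait happens outside the lock.
        lock.release()
        timer.join(wait)
        finished = not timer.is_alive()
    return finished


if __name__ == "__main__":
    print("wait under lock    -> handler finished:", survey_done(True))
    print("wait outside lock  -> handler finished:", survey_done(False))
```
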

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*                       5.15.47 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.16 (including)   5.17.15 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.18 (including)   5.18.4 (excluding)