CVE-2022-50426

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> remoteproc: imx_dsp_rproc: Add mutex protection for workqueue<br /> <br /> The workqueue may execute late even after remoteproc is stopped or<br /> stopping, some resources (rpmsg device and endpoint) have been<br /> released in rproc_stop_subdevices(), then rproc_vq_interrupt()<br /> accessing these resources will cause kennel dump.<br /> <br /> Call trace:<br /> virtqueue_add_split+0x1ac/0x560<br /> virtqueue_add_inbuf+0x4c/0x60<br /> rpmsg_recv_done+0x15c/0x294<br /> vring_interrupt+0x6c/0xa4<br /> rproc_vq_interrupt+0x30/0x50<br /> imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc]<br /> process_one_work+0x1d0/0x354<br /> worker_thread+0x13c/0x470<br /> kthread+0x154/0x160<br /> ret_from_fork+0x10/0x20<br /> <br /> Add mutex protection in imx_dsp_rproc_vq_work(), if the state is<br /> not running, then just skip calling rproc_vq_interrupt().<br /> <br /> Also the flush workqueue operation can&amp;#39;t be added in rproc stop<br /> for the same reason. The call sequence is<br /> <br /> rproc_shutdown<br /> -&gt; rproc_stop<br /> -&gt;rproc_stop_subdevices<br /> -&gt;rproc-&gt;ops-&gt;stop()<br /> -&gt;imx_dsp_rproc_stop<br /> -&gt;flush_work<br /> -&gt; rproc_vq_interrupt<br /> <br /> The resource needed by rproc_vq_interrupt has been released in<br /> rproc_stop_subdevices, so flush_work is not safe to be called in<br /> imx_dsp_rproc_stop.