CVE-2023-52638

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock<br /> <br /> The following 3 locks would race against each other, causing the<br /> deadlock situation in the Syzbot bug report:<br /> <br /> - j1939_socks_lock<br /> - active_session_list_lock<br /> - sk_session_queue_lock<br /> <br /> A reasonable fix is to change j1939_socks_lock to an rwlock, since in<br /> the rare situations where a write lock is required for the linked list<br /> that j1939_socks_lock is protecting, the code does not attempt to<br /> acquire any more locks. This would break the circular lock dependency,<br /> where, for example, the current thread already locks j1939_socks_lock<br /> and attempts to acquire sk_session_queue_lock, and at the same time,<br /> another thread attempts to acquire j1939_socks_lock while holding<br /> sk_session_queue_lock.<br /> <br /> NOTE: This patch along does not fix the unregister_netdevice bug<br /> reported by Syzbot; instead, it solves a deadlock situation to prepare<br /> for one or more further patches to actually fix the Syzbot bug, which<br /> appears to be a reference counting problem within the j1939 codebase.<br /> <br /> [mkl: remove unrelated newline change]