CVE-2023-53455

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vc4: drop all currently held locks if deadlock happens<br /> <br /> If vc4_hdmi_reset_link() returns -EDEADLK, it means that a deadlock<br /> happened in the locking context. This situation should be addressed by<br /> dropping all currently held locks and block until the contended lock<br /> becomes available. Currently, vc4 is not dealing with the deadlock<br /> properly, producing the following output when PROVE_LOCKING is enabled:<br /> <br /> [ 825.612809] ------------[ cut here ]------------<br /> [ 825.612852] WARNING: CPU: 1 PID: 116 at drivers/gpu/drm/drm_modeset_lock.c:276 drm_modeset_drop_locks+0x60/0x68 [drm]<br /> [ 825.613458] Modules linked in: 8021q mrp garp stp llc<br /> raspberrypi_cpufreq brcmfmac brcmutil crct10dif_ce hci_uart cfg80211<br /> btqca btbcm bluetooth vc4 raspberrypi_hwmon snd_soc_hdmi_codec cec<br /> clk_raspberrypi ecdh_generic drm_display_helper ecc rfkill<br /> drm_dma_helper drm_kms_helper pwm_bcm2835 bcm2835_thermal bcm2835_rng<br /> rng_core i2c_bcm2835 drm fuse ip_tables x_tables ipv6<br /> [ 825.613735] CPU: 1 PID: 116 Comm: kworker/1:2 Tainted: G W 6.1.0-rc6-01399-g941aae326315 #3<br /> [ 825.613759] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)<br /> [ 825.613777] Workqueue: events output_poll_execute [drm_kms_helper]<br /> [ 825.614038] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> [ 825.614063] pc : drm_modeset_drop_locks+0x60/0x68 [drm]<br /> [ 825.614603] lr : drm_helper_probe_detect+0x120/0x1b4 [drm_kms_helper]<br /> [ 825.614829] sp : ffff800008313bf0<br /> [ 825.614844] x29: ffff800008313bf0 x28: ffffcd7778b8b000 x27: 0000000000000000<br /> [ 825.614883] x26: 0000000000000001 x25: 0000000000000001 x24: ffff677cc35c2758<br /> [ 825.614920] x23: ffffcd7707d01430 x22: ffffcd7707c3edc7 x21: 0000000000000001<br /> [ 825.614958] x20: 0000000000000000 x19: ffff800008313c10 x18: 000000000000b6d3<br /> [ 825.614995] x17: ffffcd777835e214 x16: ffffcd7777cef870 x15: fffff81000000000<br /> [ 825.615033] x14: 0000000000000000 x13: 0000000000000099 x12: 0000000000000002<br /> [ 825.615070] x11: 72917988020af800 x10: 72917988020af800 x9 : 72917988020af800<br /> [ 825.615108] x8 : ffff677cc665e0a8 x7 : d00a8c180000110c x6 : ffffcd77774c0054<br /> [ 825.615145] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000<br /> [ 825.615181] x2 : ffff677cc55e1880 x1 : ffffcd7777cef8ec x0 : ffff800008313c10<br /> [ 825.615219] Call trace:<br /> [ 825.615232] drm_modeset_drop_locks+0x60/0x68 [drm]<br /> [ 825.615773] drm_helper_probe_detect+0x120/0x1b4 [drm_kms_helper]<br /> [ 825.616003] output_poll_execute+0xe4/0x224 [drm_kms_helper]<br /> [ 825.616233] process_one_work+0x2b4/0x618<br /> [ 825.616264] worker_thread+0x24c/0x464<br /> [ 825.616288] kthread+0xec/0x110<br /> [ 825.616310] ret_from_fork+0x10/0x20<br /> [ 825.616335] irq event stamp: 7634<br /> [ 825.616349] hardirqs last enabled at (7633): [] _raw_spin_unlock_irq+0x3c/0x78<br /> [ 825.616384] hardirqs last disabled at (7634): [] __schedule+0x134/0x9f0<br /> [ 825.616411] softirqs last enabled at (7630): [] local_bh_enable+0x4/0x30 [ipv6]<br /> [ 825.617019] softirqs last disabled at (7618): [] local_bh_disable+0x4/0x30 [ipv6]<br /> [ 825.617586] ---[ end trace 0000000000000000 ]---<br /> <br /> Therefore, deal with the deadlock as suggested by [1], using the<br /> function drm_modeset_backoff().<br /> <br /> [1] https://docs.kernel.org/gpu/drm-kms.html?highlight=kms#kms-locking