CVE-2023-53522

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex<br /> <br /> syzbot is reporting circular locking dependency between cpu_hotplug_lock<br /> and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core<br /> freezer logic") replaced atomic_inc() in freezer_apply_state() with<br /> static_branch_inc() which holds cpu_hotplug_lock.<br /> <br /> cpu_hotplug_lock =&gt; cgroup_threadgroup_rwsem =&gt; freezer_mutex<br /> <br /> cgroup_file_write() {<br /> cgroup_procs_write() {<br /> __cgroup_procs_write() {<br /> cgroup_procs_write_start() {<br /> cgroup_attach_lock() {<br /> cpus_read_lock() {<br /> percpu_down_read(&amp;cpu_hotplug_lock);<br /> }<br /> percpu_down_write(&amp;cgroup_threadgroup_rwsem);<br /> }<br /> }<br /> cgroup_attach_task() {<br /> cgroup_migrate() {<br /> cgroup_migrate_execute() {<br /> freezer_attach() {<br /> mutex_lock(&amp;freezer_mutex);<br /> (...snipped...)<br /> }<br /> }<br /> }<br /> }<br /> (...snipped...)<br /> }<br /> }<br /> }<br /> <br /> freezer_mutex =&gt; cpu_hotplug_lock<br /> <br /> cgroup_file_write() {<br /> freezer_write() {<br /> freezer_change_state() {<br /> mutex_lock(&amp;freezer_mutex);<br /> freezer_apply_state() {<br /> static_branch_inc(&amp;freezer_active) {<br /> static_key_slow_inc() {<br /> cpus_read_lock();<br /> static_key_slow_inc_cpuslocked();<br /> cpus_read_unlock();<br /> }<br /> }<br /> }<br /> mutex_unlock(&amp;freezer_mutex);<br /> }<br /> }<br /> }<br /> <br /> Swap locking order by moving cpus_read_lock() in freezer_apply_state()<br /> to before mutex_lock(&amp;freezer_mutex) in freezer_change_state().