CVE-2023-54013
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/12/2025
Last modified:
29/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
interconnect: Fix locking for runpm vs reclaim<br />
<br />
For cases where icc_bw_set() can be called in callbaths that could<br />
deadlock against shrinker/reclaim, such as runpm resume, we need to<br />
decouple the icc locking. Introduce a new icc_bw_lock for cases where<br />
we need to serialize bw aggregation and update to decouple that from<br />
paths that require memory allocation such as node/link creation/<br />
destruction.<br />
<br />
Fixes this lockdep splat:<br />
<br />
======================================================<br />
WARNING: possible circular locking dependency detected<br />
6.2.0-rc8-debug+ #554 Not tainted<br />
------------------------------------------------------<br />
ring0/132 is trying to acquire lock:<br />
ffffff80871916d0 (&gmu->lock){+.+.}-{3:3}, at: a6xx_pm_resume+0xf0/0x234<br />
<br />
but task is already holding lock:<br />
ffffffdb5aee57e8 (dma_fence_map){++++}-{0:0}, at: msm_job_run+0x68/0x150<br />
<br />
which lock already depends on the new lock.<br />
<br />
the existing dependency chain (in reverse order) is:<br />
<br />
-> #4 (dma_fence_map){++++}-{0:0}:<br />
__dma_fence_might_wait+0x74/0xc0<br />
dma_resv_lockdep+0x1f4/0x2f4<br />
do_one_initcall+0x104/0x2bc<br />
kernel_init_freeable+0x344/0x34c<br />
kernel_init+0x30/0x134<br />
ret_from_fork+0x10/0x20<br />
<br />
-> #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:<br />
fs_reclaim_acquire+0x80/0xa8<br />
slab_pre_alloc_hook.constprop.0+0x40/0x25c<br />
__kmem_cache_alloc_node+0x60/0x1cc<br />
__kmalloc+0xd8/0x100<br />
topology_parse_cpu_capacity+0x8c/0x178<br />
get_cpu_for_node+0x88/0xc4<br />
parse_cluster+0x1b0/0x28c<br />
parse_cluster+0x8c/0x28c<br />
init_cpu_topology+0x168/0x188<br />
smp_prepare_cpus+0x24/0xf8<br />
kernel_init_freeable+0x18c/0x34c<br />
kernel_init+0x30/0x134<br />
ret_from_fork+0x10/0x20<br />
<br />
-> #2 (fs_reclaim){+.+.}-{0:0}:<br />
__fs_reclaim_acquire+0x3c/0x48<br />
fs_reclaim_acquire+0x54/0xa8<br />
slab_pre_alloc_hook.constprop.0+0x40/0x25c<br />
__kmem_cache_alloc_node+0x60/0x1cc<br />
__kmalloc+0xd8/0x100<br />
kzalloc.constprop.0+0x14/0x20<br />
icc_node_create_nolock+0x4c/0xc4<br />
icc_node_create+0x38/0x58<br />
qcom_icc_rpmh_probe+0x1b8/0x248<br />
platform_probe+0x70/0xc4<br />
really_probe+0x158/0x290<br />
__driver_probe_device+0xc8/0xe0<br />
driver_probe_device+0x44/0x100<br />
__driver_attach+0xf8/0x108<br />
bus_for_each_dev+0x78/0xc4<br />
driver_attach+0x2c/0x38<br />
bus_add_driver+0xd0/0x1d8<br />
driver_register+0xbc/0xf8<br />
__platform_driver_register+0x30/0x3c<br />
qnoc_driver_init+0x24/0x30<br />
do_one_initcall+0x104/0x2bc<br />
kernel_init_freeable+0x344/0x34c<br />
kernel_init+0x30/0x134<br />
ret_from_fork+0x10/0x20<br />
<br />
-> #1 (icc_lock){+.+.}-{3:3}:<br />
__mutex_lock+0xcc/0x3c8<br />
mutex_lock_nested+0x30/0x44<br />
icc_set_bw+0x88/0x2b4<br />
_set_opp_bw+0x8c/0xd8<br />
_set_opp+0x19c/0x300<br />
dev_pm_opp_set_opp+0x84/0x94<br />
a6xx_gmu_resume+0x18c/0x804<br />
a6xx_pm_resume+0xf8/0x234<br />
adreno_runtime_resume+0x2c/0x38<br />
pm_generic_runtime_resume+0x30/0x44<br />
__rpm_callback+0x15c/0x174<br />
rpm_callback+0x78/0x7c<br />
rpm_resume+0x318/0x524<br />
__pm_runtime_resume+0x78/0xbc<br />
adreno_load_gpu+0xc4/0x17c<br />
msm_open+0x50/0x120<br />
drm_file_alloc+0x17c/0x228<br />
drm_open_helper+0x74/0x118<br />
drm_open+0xa0/0x144<br />
drm_stub_open+0xd4/0xe4<br />
chrdev_open+0x1b8/0x1e4<br />
do_dentry_open+0x2f8/0x38c<br />
vfs_open+0x34/0x40<br />
path_openat+0x64c/0x7b4<br />
do_filp_open+0x54/0xc4<br />
do_sys_openat2+0x9c/0x100<br />
do_sys_open+0x50/0x7c<br />
__arm64_sys_openat+0x28/0x34<br />
invoke_syscall+0x8c/0x128<br />
el0_svc_common.constprop.0+0xa0/0x11c<br />
do_el0_<br />
---truncated---