CVE-2023-54118

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> serial: sc16is7xx: setup GPIO controller later in probe<br /> <br /> The GPIO controller component of the sc16is7xx driver is setup too<br /> early, which can result in a race condition where another device tries<br /> to utilise the GPIO lines before the sc16is7xx device has finished<br /> initialising.<br /> <br /> This issue manifests itself as an Oops when the GPIO lines are configured:<br /> <br /> Unable to handle kernel read from unreadable memory at virtual address<br /> ...<br /> pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]<br /> lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx]<br /> ...<br /> Call trace:<br /> sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]<br /> gpiod_direction_output_raw_commit+0x64/0x318<br /> gpiod_direction_output+0xb0/0x170<br /> create_gpio_led+0xec/0x198<br /> gpio_led_probe+0x16c/0x4f0<br /> platform_drv_probe+0x5c/0xb0<br /> really_probe+0xe8/0x448<br /> driver_probe_device+0xe8/0x138<br /> __device_attach_driver+0x94/0x118<br /> bus_for_each_drv+0x8c/0xe0<br /> __device_attach+0x100/0x1b8<br /> device_initial_probe+0x28/0x38<br /> bus_probe_device+0xa4/0xb0<br /> deferred_probe_work_func+0x90/0xe0<br /> process_one_work+0x1c4/0x480<br /> worker_thread+0x54/0x430<br /> kthread+0x138/0x150<br /> ret_from_fork+0x10/0x1c<br /> <br /> This patch moves the setup of the GPIO controller functions to later in the<br /> probe function, ensuring the sc16is7xx device has already finished<br /> initialising by the time other devices try to make use of the GPIO lines.<br /> The error handling has also been reordered to reflect the new<br /> initialisation order.