CVE-2024-35818

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> LoongArch: Define the __io_aw() hook as mmiowb()<br /> <br /> Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations of<br /> mmiowb()") remove all mmiowb() in drivers, but it says:<br /> <br /> "NOTE: mmiowb() has only ever guaranteed ordering in conjunction with<br /> spin_unlock(). However, pairing each mmiowb() removal in this patch with<br /> the corresponding call to spin_unlock() is not at all trivial, so there<br /> is a small chance that this change may regress any drivers incorrectly<br /> relying on mmiowb() to order MMIO writes between CPUs using lock-free<br /> synchronisation."<br /> <br /> The mmio in radeon_ring_commit() is protected by a mutex rather than a<br /> spinlock, but in the mutex fastpath it behaves similar to spinlock. We<br /> can add mmiowb() calls in the radeon driver but the maintainer says he<br /> doesn&amp;#39;t like such a workaround, and radeon is not the only example of<br /> mutex protected mmio.<br /> <br /> So we should extend the mmiowb tracking system from spinlock to mutex,<br /> and maybe other locking primitives. This is not easy and error prone, so<br /> we solve it in the architectural code, by simply defining the __io_aw()<br /> hook as mmiowb(). And we no longer need to override queued_spin_unlock()<br /> so use the generic definition.<br /> <br /> Without this, we get such an error when run &amp;#39;glxgears&amp;#39; on weak ordering<br /> architectures such as LoongArch:<br /> <br /> radeon 0000:04:00.0: ring 0 stalled for more than 10324msec<br /> radeon 0000:04:00.0: ring 3 stalled for more than 10240msec<br /> radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000001f412 last fence id 0x000000000001f414 on ring 3)<br /> radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000000f940 last fence id 0x000000000000f941 on ring 0)<br /> radeon 0000:04:00.0: scheduling IB failed (-35).<br /> [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn&amp;#39;t update BO_VA (-35)<br /> radeon 0000:04:00.0: scheduling IB failed (-35).<br /> [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn&amp;#39;t update BO_VA (-35)<br /> radeon 0000:04:00.0: scheduling IB failed (-35).<br /> [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn&amp;#39;t update BO_VA (-35)<br /> radeon 0000:04:00.0: scheduling IB failed (-35).<br /> [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn&amp;#39;t update BO_VA (-35)<br /> radeon 0000:04:00.0: scheduling IB failed (-35).<br /> [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn&amp;#39;t update BO_VA (-35)<br /> radeon 0000:04:00.0: scheduling IB failed (-35).<br /> [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn&amp;#39;t update BO_VA (-35)<br /> radeon 0000:04:00.0: scheduling IB failed (-35).<br /> [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn&amp;#39;t update BO_VA (-35)