CVE-2025-22014

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> soc: qcom: pdr: Fix the potential deadlock<br /> <br /> When some client process A call pdr_add_lookup() to add the look up for<br /> the service and does schedule locator work, later a process B got a new<br /> server packet indicating locator is up and call pdr_locator_new_server()<br /> which eventually sets pdr-&gt;locator_init_complete to true which process A<br /> sees and takes list lock and queries domain list but it will timeout due<br /> to deadlock as the response will queued to the same qmi-&gt;wq and it is<br /> ordered workqueue and process B is not able to complete new server<br /> request work due to deadlock on list lock.<br /> <br /> Fix it by removing the unnecessary list iteration as the list iteration<br /> is already being done inside locator work, so avoid it here and just<br /> call schedule_work() here.<br /> <br /> Process A Process B<br /> <br /> process_scheduled_works()<br /> pdr_add_lookup() qmi_data_ready_work()<br /> process_scheduled_works() pdr_locator_new_server()<br /> pdr-&gt;locator_init_complete=true;<br /> pdr_locator_work()<br /> mutex_lock(&amp;pdr-&gt;list_lock);<br /> <br /> pdr_locate_service() mutex_lock(&amp;pdr-&gt;list_lock);<br /> <br /> pdr_get_domain_list()<br /> pr_err("PDR: %s get domain list<br /> txn wait failed: %d\n",<br /> req-&gt;service_name,<br /> ret);<br /> <br /> Timeout error log due to deadlock:<br /> <br /> "<br /> PDR: tms/servreg get domain list txn wait failed: -110<br /> PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110<br /> "<br /> <br /> Thanks to Bjorn and Johan for letting me know that this commit also fixes<br /> an audio regression when using the in-kernel pd-mapper as that makes it<br /> easier to hit this race. [1]