CVE-2023-54160
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
24/12/2025
Last modified:
24/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_sdei: Fix sleep from invalid context BUG

Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra
triggers:

BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0
preempt_count: 0, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by cpuhp/0/24:
#0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248
#1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248
#2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130
irq event stamp: 36
hardirqs last enabled at (35): [] finish_task_switch+0xb4/0x2b0
hardirqs last disabled at (36): [] cpuhp_thread_fun+0x21c/0x248
softirqs last enabled at (0): [] copy_process+0x63c/0x1ac0
softirqs last disabled at (0): [] 0x0
CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...]
Hardware name: WIWYNN Mt.Jade Server [...]
Call trace:
dump_backtrace+0x114/0x120
show_stack+0x20/0x70
dump_stack_lvl+0x9c/0xd8
dump_stack+0x18/0x34
__might_resched+0x188/0x228
rt_spin_lock+0x70/0x120
sdei_cpuhp_up+0x3c/0x130
cpuhp_invoke_callback+0x250/0xf08
cpuhp_thread_fun+0x120/0x248
smpboot_thread_fn+0x280/0x320
kthread+0x130/0x140
ret_from_fork+0x10/0x20

sdei_cpuhp_up() is called in the STARTING hotplug section,
which runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry
instead to execute the cpuhp cb later, with preemption enabled.

SDEI originally got its own cpuhp slot to allow interacting
with perf. It got superseded by pNMI and this early slot is not
relevant anymore. [1]

Some SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the
calling CPU. It is checked that preemption is disabled for them.
_ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'.
Preemption is enabled in those threads, but their cpumask is limited
to 1 CPU.
Move 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb
don't trigger them.

Also add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call
which acts on the calling CPU.

[1]:
https://lore.kernel.org/all/5813b8c5-ae3e-87fd-fccc-94c9cd08816d@arm.com/
Impact
References to solutions, tools and information
- https://git.kernel.org/stable/c/18d5ea5b746120a3972e6c347ad9428228445327
- https://git.kernel.org/stable/c/48ac727ea4a3577eb1b4e24f807ba532c47930f9
- https://git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c
- https://git.kernel.org/stable/c/66caf22787714c925e755719c293aaf3cb0b873b
- https://git.kernel.org/stable/c/7d8f5ccc826b39e05ff252b1fccd808c7a0725e0
- https://git.kernel.org/stable/c/a8267bc8de736cae927165191b52fbc20d101dd1
- https://git.kernel.org/stable/c/d2c48b2387eb89e0bf2a2e06e30987cf410acad4
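
Added example, not part of the CVE record or the kernel patch: a triage script that finds this BUG splat in a dmesg dump and checks whether it has the shape described above (rt_spin_lock reached from sdei_cpuhp_up with interrupts disabled). The sample log is constructed from the trace quoted in the description with made-up timestamps, and the names parse_splats and matches_sdei_cpuhp are hypothetical.

```python
import re

# Constructed sample: lines taken from the trace in the description, with
# made-up dmesg timestamps and one unrelated trailing line.
SAMPLE = """\
[   12.000001] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
[   12.000002] in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0
[   12.000003] 3 locks held by cpuhp/0/24:
[   12.000004]  #2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130
[   12.000005] Call trace:
[   12.000006]  __might_resched+0x188/0x228
[   12.000007]  rt_spin_lock+0x70/0x120
[   12.000008]  sdei_cpuhp_up+0x3c/0x130
[   12.000009]  cpuhp_invoke_callback+0x250/0xf08
[   12.000010] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

HEADER = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
STATE = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+), .*pid: (\d+), name: (\S+)")
FRAME = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
STAMP = re.compile(r"^\[\s*\d+\.\d+\]")  # optional dmesg timestamp prefix

def parse_splats(text):
    """Return one dict per 'sleeping function' splat found in a dmesg dump."""
    splats, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if m := HEADER.search(line):
            cur, in_trace = {"site": m[1], "frames": []}, False
            splats.append(cur)
        elif cur is None:
            continue  # not inside a splat
        elif m := STATE.search(line):
            cur.update(in_atomic=int(m[1]), irqs_disabled=int(m[2]), pid=int(m[3]), comm=m[4])
        elif "Call trace:" in line:
            in_trace = True
        elif in_trace:
            if m := FRAME.match(line):
                cur["frames"].append(m[1])
            else:
                cur, in_trace = None, False  # first non-frame line ends the splat
    return splats

def matches_sdei_cpuhp(splat):
    """True if rt_spin_lock was reached from sdei_cpuhp_up with IRQs disabled."""
    f = splat["frames"]  # innermost frame first, as printed by the kernel
    return (splat.get("irqs_disabled", 0) != 0 and "rt_spin_lock" in f
            and "sdei_cpuhp_up" in f and f.index("rt_spin_lock") < f.index("sdei_cpuhp_up"))
```

A match on a preempt-rt kernel indicates the SDEI hotplug callback is still registered in the STARTING section, that is, the kernel does not carry one of the referenced stable commits.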



