CVE-2023-53475

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: xhci: tegra: fix sleep in atomic call<br /> <br /> When we set the dual-role port to Host mode, we observed the following<br /> splat:<br /> [ 167.057718] BUG: sleeping function called from invalid context at<br /> include/linux/sched/mm.h:229<br /> [ 167.057872] Workqueue: events tegra_xusb_usb_phy_work<br /> [ 167.057954] Call trace:<br /> [ 167.057962] dump_backtrace+0x0/0x210<br /> [ 167.057996] show_stack+0x30/0x50<br /> [ 167.058020] dump_stack_lvl+0x64/0x84<br /> [ 167.058065] dump_stack+0x14/0x34<br /> [ 167.058100] __might_resched+0x144/0x180<br /> [ 167.058140] __might_sleep+0x64/0xd0<br /> [ 167.058171] slab_pre_alloc_hook.constprop.0+0xa8/0x110<br /> [ 167.058202] __kmalloc_track_caller+0x74/0x2b0<br /> [ 167.058233] kvasprintf+0xa4/0x190<br /> [ 167.058261] kasprintf+0x58/0x90<br /> [ 167.058285] tegra_xusb_find_port_node.isra.0+0x58/0xd0<br /> [ 167.058334] tegra_xusb_find_port+0x38/0xa0<br /> [ 167.058380] tegra_xusb_padctl_get_usb3_companion+0x38/0xd0<br /> [ 167.058430] tegra_xhci_id_notify+0x8c/0x1e0<br /> [ 167.058473] notifier_call_chain+0x88/0x100<br /> [ 167.058506] atomic_notifier_call_chain+0x44/0x70<br /> [ 167.058537] tegra_xusb_usb_phy_work+0x60/0xd0<br /> [ 167.058581] process_one_work+0x1dc/0x4c0<br /> [ 167.058618] worker_thread+0x54/0x410<br /> [ 167.058650] kthread+0x188/0x1b0<br /> [ 167.058672] ret_from_fork+0x10/0x20<br /> <br /> The function tegra_xusb_padctl_get_usb3_companion eventually calls<br /> tegra_xusb_find_port and this in turn calls kasprintf which might sleep<br /> and so cannot be called from an atomic context.<br /> <br /> Fix this by moving the call to tegra_xusb_padctl_get_usb3_companion to<br /> the tegra_xhci_id_work function where it is really needed.