CVE-2023-53563

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver<br /> <br /> After loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()<br /> and amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy<br /> of the CPU and mark it as busy.<br /> <br /> In these functions, cpufreq_cpu_put() should be used to release the<br /> policy, but it is not, so any other entity trying to access the policy<br /> is blocked indefinitely.<br /> <br /> One such scenario is when amd_pstate mode is changed, leading to the<br /> following splat:<br /> <br /> [ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.<br /> [ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5<br /> [ 1332.115315] "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> [ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006<br /> [ 1332.123143] Call Trace:<br /> [ 1332.123145] <br /> [ 1332.123148] __schedule+0x3c1/0x16a0<br /> [ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70<br /> [ 1332.123157] schedule+0x6f/0x110<br /> [ 1332.123160] schedule_timeout+0x14f/0x160<br /> [ 1332.123162] ? preempt_count_add+0x86/0xd0<br /> [ 1332.123165] __wait_for_common+0x92/0x190<br /> [ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10<br /> [ 1332.123170] wait_for_completion+0x28/0x30<br /> [ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90<br /> [ 1332.123177] cpufreq_policy_free+0x157/0x1d0<br /> [ 1332.123178] ? preempt_count_add+0x58/0xd0<br /> [ 1332.123180] cpufreq_remove_dev+0xb6/0x100<br /> [ 1332.123182] subsys_interface_unregister+0x114/0x120<br /> [ 1332.123185] ? preempt_count_add+0x58/0xd0<br /> [ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10<br /> [ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0<br /> [ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50<br /> [ 1332.123194] store_status+0xe9/0x180<br /> [ 1332.123197] dev_attr_store+0x1b/0x30<br /> [ 1332.123199] sysfs_kf_write+0x42/0x50<br /> [ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0<br /> [ 1332.123204] vfs_write+0x2df/0x400<br /> [ 1332.123208] ksys_write+0x6b/0xf0<br /> [ 1332.123210] __x64_sys_write+0x1d/0x30<br /> [ 1332.123213] do_syscall_64+0x60/0x90<br /> [ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50<br /> [ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0<br /> [ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20<br /> [ 1332.123225] ? irqentry_exit+0x3f/0x50<br /> [ 1332.123226] ? exc_page_fault+0x8e/0x190<br /> [ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8<br /> [ 1332.123232] RIP: 0033:0x7fa74c514a37<br /> [ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001<br /> [ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37<br /> [ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001<br /> [ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff<br /> [ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008<br /> [ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00<br /> [ 1332.123247] <br /> <br /> Fix this by calling cpufreq_cpu_put() wherever necessary.<br /> <br /> [ rjw: Subject and changelog edits ]