CVE-2024-36002
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/05/2024
Last modified:
24/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

dpll: fix dpll_pin_on_pin_register() for multiple parent pins

In scenario where pin is registered with multiple parent pins via dpll_pin_on_pin_register(..), all belonging to the same dpll device. A second call to dpll_pin_on_pin_unregister(..) would cause a call trace, as it tries to use already released registration resources (due to fix introduced in b446631f355e). In this scenario pin was registered twice, so resources are not yet expected to be released until each registered pin/pin pair is unregistered.

Currently, the following crash/call trace is produced when ice driver is removed on the system with installed E810T NIC which includes dpll device:

```
WARNING: CPU: 51 PID: 9155 at drivers/dpll/dpll_core.c:809 dpll_pin_ops+0x20/0x30
RIP: 0010:dpll_pin_ops+0x20/0x30
Call Trace:
? __warn+0x7f/0x130
? dpll_pin_ops+0x20/0x30
dpll_msg_add_pin_freq+0x37/0x1d0
dpll_cmd_pin_get_one+0x1c0/0x400
? __nlmsg_put+0x63/0x80
dpll_pin_event_send+0x93/0x140
dpll_pin_on_pin_unregister+0x3f/0x100
ice_dpll_deinit_pins+0xa1/0x230 [ice]
ice_remove+0xf1/0x210 [ice]
```

Fix by adding a parent pointer as a cookie when creating a registration, also when searching for it. For the regular pins pass NULL, this allows to create separated registration for each parent the pin is registered with.
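The lookup change described in the fix, shown as an added example: this is a simplified user-space model, not kernel code and not part of the original advisory. All names (`reg_find`, `reg_add`, `reg_del`, `two_parent_teardown`) are hypothetical, and the model assumes the pre-fix lookup matched on ops and priv only.

```c
/* User-space model only; every name here is hypothetical, not a kernel symbol. */
#define MAX_REGS 4
struct key { const void *ops, *priv, *cookie; };
struct pin_ref { struct key regs[MAX_REGS]; int used[MAX_REGS]; };

/* Assumption: the pre-fix lookup (use_cookie == 0) matched on ops and priv only. */
static int reg_find(const struct pin_ref *ref, struct key k, int use_cookie)
{
    for (int i = 0; i < MAX_REGS; i++)
        if (ref->used[i] && ref->regs[i].ops == k.ops &&
            ref->regs[i].priv == k.priv &&
            (!use_cookie || ref->regs[i].cookie == k.cookie))
            return i;
    return -1;
}

/* Create a registration unless the lookup reports that one already exists. */
static void reg_add(struct pin_ref *ref, struct key k, int use_cookie)
{
    if (reg_find(ref, k, use_cookie) >= 0)
        return;
    for (int i = 0; i < MAX_REGS; i++)
        if (!ref->used[i]) {
            ref->regs[i] = k;
            ref->used[i] = 1;
            return;
        }
}

/* Release a registration; -1 means it had already been released. */
static int reg_del(struct pin_ref *ref, struct key k, int use_cookie)
{
    int i = reg_find(ref, k, use_cookie);
    if (i >= 0)
        ref->used[i] = 0;
    return i < 0 ? -1 : 0;
}

/* One pin under two parents of the same device; returns the second unregister. */
static int two_parent_teardown(int use_cookie)
{
    struct pin_ref ref = { .used = { 0 } };
    int ops = 0, priv = 0, parent_a = 0, parent_b = 0; /* used as identities */
    struct key a = { &ops, &priv, &parent_a }, b = { &ops, &priv, &parent_b };
    reg_add(&ref, a, use_cookie);
    reg_add(&ref, b, use_cookie);
    reg_del(&ref, a, use_cookie);
    return reg_del(&ref, b, use_cookie);
}
/* Exit status 0: with the cookie, both unregister calls find their own entry. */
int main(void) { return two_parent_teardown(1); }
```

In the model, the `-1` from the second unregister without the cookie stands in for the kernel path that touched an already released registration. A regular pin would pass a null cookie, so its lookup behaves as before.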
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7.11 (including) | 6.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8.2 (including) | 6.8.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* | | |