CVE-2024-43098

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> i3c: Use i3cdev-&gt;desc-&gt;info instead of calling i3c_device_get_info() to avoid deadlock<br /> <br /> A deadlock may happen since the i3c_master_register() acquires<br /> &amp;i3cbus-&gt;lock twice. See the log below.<br /> Use i3cdev-&gt;desc-&gt;info instead of calling i3c_device_info() to<br /> avoid acquiring the lock twice.<br /> <br /> v2:<br /> - Modified the title and commit message<br /> <br /> ============================================<br /> WARNING: possible recursive locking detected<br /> 6.11.0-mainline<br /> --------------------------------------------<br /> init/1 is trying to acquire lock:<br /> f1ffff80a6a40dc0 (&amp;i3cbus-&gt;lock){++++}-{3:3}, at: i3c_bus_normaluse_lock<br /> <br /> but task is already holding lock:<br /> f1ffff80a6a40dc0 (&amp;i3cbus-&gt;lock){++++}-{3:3}, at: i3c_master_register<br /> <br /> other info that might help us debug this:<br /> Possible unsafe locking scenario:<br /> <br /> CPU0<br /> ----<br /> lock(&amp;i3cbus-&gt;lock);<br /> lock(&amp;i3cbus-&gt;lock);<br /> <br /> *** DEADLOCK ***<br /> <br /> May be due to missing lock nesting notation<br /> <br /> 2 locks held by init/1:<br /> #0: fcffff809b6798f8 (&amp;dev-&gt;mutex){....}-{3:3}, at: __driver_attach<br /> #1: f1ffff80a6a40dc0 (&amp;i3cbus-&gt;lock){++++}-{3:3}, at: i3c_master_register<br /> <br /> stack backtrace:<br /> CPU: 6 UID: 0 PID: 1 Comm: init<br /> Call trace:<br /> dump_backtrace+0xfc/0x17c<br /> show_stack+0x18/0x28<br /> dump_stack_lvl+0x40/0xc0<br /> dump_stack+0x18/0x24<br /> print_deadlock_bug+0x388/0x390<br /> __lock_acquire+0x18bc/0x32ec<br /> lock_acquire+0x134/0x2b0<br /> down_read+0x50/0x19c<br /> i3c_bus_normaluse_lock+0x14/0x24<br /> i3c_device_get_info+0x24/0x58<br /> i3c_device_uevent+0x34/0xa4<br /> dev_uevent+0x310/0x384<br /> kobject_uevent_env+0x244/0x414<br /> kobject_uevent+0x14/0x20<br /> device_add+0x278/0x460<br /> device_register+0x20/0x34<br /> i3c_master_register_new_i3c_devs+0x78/0x154<br /> i3c_master_register+0x6a0/0x6d4<br /> mtk_i3c_master_probe+0x3b8/0x4d8<br /> platform_probe+0xa0/0xe0<br /> really_probe+0x114/0x454<br /> __driver_probe_device+0xa0/0x15c<br /> driver_probe_device+0x3c/0x1ac<br /> __driver_attach+0xc4/0x1f0<br /> bus_for_each_dev+0x104/0x160<br /> driver_attach+0x24/0x34<br /> bus_add_driver+0x14c/0x294<br /> driver_register+0x68/0x104<br /> __platform_driver_register+0x20/0x30<br /> init_module+0x20/0xfe4<br /> do_one_initcall+0x184/0x464<br /> do_init_module+0x58/0x1ec<br /> load_module+0xefc/0x10c8<br /> __arm64_sys_finit_module+0x238/0x33c<br /> invoke_syscall+0x58/0x10c<br /> el0_svc_common+0xa8/0xdc<br /> do_el0_svc+0x1c/0x28<br /> el0_svc+0x50/0xac<br /> el0t_64_sync_handler+0x70/0xbc<br /> el0t_64_sync+0x1a8/0x1ac