CVE-2022-50648
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
09/12/2025
Last modified:
09/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller

Naveen reported recursive locking of direct_mutex with sample
ftrace-direct-modify.ko:

[ 74.762406] WARNING: possible recursive locking detected
[ 74.762887] 6.0.0-rc6+ #33 Not tainted
[ 74.763216] --------------------------------------------
[ 74.763672] event-sample-fn/1084 is trying to acquire lock:
[ 74.764152] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \
register_ftrace_function+0x1f/0x180
[ 74.764922]
[ 74.764922] but task is already holding lock:
[ 74.765421] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \
modify_ftrace_direct+0x34/0x1f0
[ 74.766142]
[ 74.766142] other info that might help us debug this:
[ 74.766701] Possible unsafe locking scenario:
[ 74.766701]
[ 74.767216] CPU0
[ 74.767437] ----
[ 74.767656] lock(direct_mutex);
[ 74.767952] lock(direct_mutex);
[ 74.768245]
[ 74.768245] *** DEADLOCK ***
[ 74.768245]
[ 74.768750] May be due to missing lock nesting notation
[ 74.768750]
[ 74.769332] 1 lock held by event-sample-fn/1084:
[ 74.769731] #0: ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \
modify_ftrace_direct+0x34/0x1f0
[ 74.770496]
[ 74.770496] stack backtrace:
[ 74.770884] CPU: 4 PID: 1084 Comm: event-sample-fn Not tainted ...
[ 74.771498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...
[ 74.772474] Call Trace:
[ 74.772696]
[ 74.772896] dump_stack_lvl+0x44/0x5b
[ 74.773223] __lock_acquire.cold.74+0xac/0x2b7
[ 74.773616] lock_acquire+0xd2/0x310
[ 74.773936] ? register_ftrace_function+0x1f/0x180
[ 74.774357] ? lock_is_held_type+0xd8/0x130
[ 74.774744] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.775213] __mutex_lock+0x99/0x1010
[ 74.775536] ? register_ftrace_function+0x1f/0x180
[ 74.775954] ? slab_free_freelist_hook.isra.43+0x115/0x160
[ 74.776424] ? ftrace_set_hash+0x195/0x220
[ 74.776779] ? register_ftrace_function+0x1f/0x180
[ 74.777194] ? kfree+0x3e1/0x440
[ 74.777482] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.777941] ? __schedule+0xb40/0xb40
[ 74.778258] ? register_ftrace_function+0x1f/0x180
[ 74.778672] ? my_tramp1+0xf/0xf [ftrace_direct_modify]
[ 74.779128] register_ftrace_function+0x1f/0x180
[ 74.779527] ? ftrace_set_filter_ip+0x33/0x70
[ 74.779910] ? __schedule+0xb40/0xb40
[ 74.780231] ? my_tramp1+0xf/0xf [ftrace_direct_modify]
[ 74.780678] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.781147] ftrace_modify_direct_caller+0x5b/0x90
[ 74.781563] ? 0xffffffffa0201000
[ 74.781859] ? my_tramp1+0xf/0xf [ftrace_direct_modify]
[ 74.782309] modify_ftrace_direct+0x1b2/0x1f0
[ 74.782690] ? __schedule+0xb40/0xb40
[ 74.783014] ? simple_thread+0x2a/0xb0 [ftrace_direct_modify]
[ 74.783508] ? __schedule+0xb40/0xb40
[ 74.783832] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.784294] simple_thread+0x76/0xb0 [ftrace_direct_modify]
[ 74.784766] kthread+0xf5/0x120
[ 74.785052] ? kthread_complete_and_exit+0x20/0x20
[ 74.785464] ret_from_fork+0x22/0x30
[ 74.785781]

Fix this by using register_ftrace_function_nolock in
ftrace_modify_direct_caller.
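
An added triage example, not part of the advisory or of the kernel patch: it parses a lockdep "possible recursive locking" report such as the one above and checks whether the lock being requested is the same instance (same address) that the task already holds, which for a non-recursive kernel mutex means the task would block on itself. The names parse_lockdep and same_instance are this example's own, and the embedded sample is an excerpt of the report above.

```python
import re

# Excerpt of the lockdep report quoted in the description (markup stripped).
SAMPLE_REPORT = """\
[ 74.762406] WARNING: possible recursive locking detected
[ 74.763672] event-sample-fn/1084 is trying to acquire lock:
[ 74.764152] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \\
register_ftrace_function+0x1f/0x180
[ 74.764922] but task is already holding lock:
[ 74.765421] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \\
modify_ftrace_direct+0x34/0x1f0
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")                  # dmesg timestamp prefix
WRAP = re.compile(r"\\[ \t]*\n(?:\[\s*\d+\.\d+\]\s*)?")  # lines wrapped with "\"
LOCK = re.compile(r"(?P<addr>[0-9a-f]{8,16}) \((?P<name>[^)]+)\)"
                  r"\{[^}]*\}(?:-\{[^}]*\})?, at: (?P<site>\S+)")

def parse_lockdep(text):
    """Return task, requested lock and held lock from a recursive-locking report."""
    report, section = None, None
    for raw in WRAP.sub("", text).splitlines():   # re-join wrapped lines first
        line = TS.sub("", raw).strip()
        if line.startswith("WARNING: possible recursive locking"):
            report = {"task": None, "acquiring": None, "held": None}
        elif report is None:
            continue                               # ignore lines before the report
        elif line.endswith("is trying to acquire lock:"):
            report["task"] = line.split()[0]
            section = "acquiring"
        elif line == "but task is already holding lock:":
            section = "held"
        elif section and (m := LOCK.search(line)):
            report[section] = m.groupdict()
            section = None
    return report

def same_instance(report):
    """True when the requested and the held lock share one address."""
    a, h = report["acquiring"], report["held"]
    return bool(a and h) and a["addr"] == h["addr"]

if __name__ == "__main__":
    r = parse_lockdep(SAMPLE_REPORT)
    verdict = "self-deadlock" if same_instance(r) else "same class, check nesting"
    print(f'{r["task"]}: {r["acquiring"]["name"]} requested in '
          f'{r["acquiring"]["site"]} while held from {r["held"]["site"]} -> {verdict}')
```

Differing addresses with the same lock name point to two instances of one lock class, which is the case the report's "missing lock nesting notation" hint refers to.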



