National Cybersecurity Institute (Instituto Nacional de Ciberseguridad). INCIBE-CERT Section

CVE-2023-53216

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
15/09/2025
Last modified:
15/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: efi: Make efi_rt_lock a raw_spinlock

Running a rt-kernel based on 6.2.0-rc3-rt1 on an Ampere Altra outputs
the following:
  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9, name: kworker/u320:0
  preempt_count: 2, expected: 0
  RCU nest depth: 0, expected: 0
  3 locks held by kworker/u320:0/9:
  #0: ffff3fff8c27d128 ((wq_completion)efi_rts_wq){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41)
  #1: ffff80000861bdd0 ((work_completion)(&efi_rts_work.work)){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41)
  #2: ffffdf7e1ed3e460 (efi_rt_lock){+.+.}-{3:3}, at: efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101)
  Preemption disabled at:
  efi_virtmap_load (./arch/arm64/include/asm/mmu_context.h:248)
  CPU: 0 PID: 9 Comm: kworker/u320:0 Tainted: G W 6.2.0-rc3-rt1
  Hardware name: WIWYNN Mt.Jade Server System B81.03001.0005/Mt.Jade Motherboard, BIOS 1.08.20220218 (SCP: 1.08.20220218) 2022/02/18
  Workqueue: efi_rts_wq efi_call_rts
  Call trace:
  dump_backtrace (arch/arm64/kernel/stacktrace.c:158)
  show_stack (arch/arm64/kernel/stacktrace.c:165)
  dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))
  dump_stack (lib/dump_stack.c:114)
  __might_resched (kernel/sched/core.c:10134)
  rt_spin_lock (kernel/locking/rtmutex.c:1769 (discriminator 4))
  efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101)
  [...]

This seems to come from commit ff7a167961d1 ("arm64: efi: Execute
runtime services from a dedicated stack") which adds a spinlock. This
spinlock is taken through:
  efi_call_rts()
  \-efi_call_virt()
    \-efi_call_virt_pointer()
      \-arch_efi_call_virt_setup()

Make 'efi_rt_lock' a raw_spinlock to avoid being preempted.

[ardb: The EFI runtime services are called with a different set of
translation tables, and are permitted to use the SIMD registers.
The context switch code preserves/restores neither, and so EFI
calls must be made with preemption disabled, rather than only
disabling migration.]
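
As an added example (not part of the advisory or of the kernel commit), this Python script parses the report quoted above and names the held lock that was acquired through rt_spin_lock() while the task was atomic. The function names parse_splat and sleeping_lock are hypothetical, and the trace is assumed to be in the symbolized format shown on this page or in the raw "func+0x..." format.

```python
import re
# Excerpt of the report quoted in the description above (call trace trimmed).
SPLAT = """\
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9, name: kworker/u320:0
preempt_count: 2, expected: 0
3 locks held by kworker/u320:0/9:
 #0: ffff3fff8c27d128 ((wq_completion)efi_rts_wq){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41)
 #1: ffff80000861bdd0 ((work_completion)(&efi_rts_work.work)){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41)
 #2: ffffdf7e1ed3e460 (efi_rt_lock){+.+.}-{3:3}, at: efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101)
Preemption disabled at:
efi_virtmap_load (./arch/arm64/include/asm/mmu_context.h:248)
Call trace:
 __might_resched (kernel/sched/core.c:10134)
 rt_spin_lock (kernel/locking/rtmutex.c:1769 (discriminator 4))
 efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101)
"""

STATE = re.compile(r"in_atomic\(\): (\d+)")
COUNT = re.compile(r"preempt_count: ([0-9a-f]+), expected: ([0-9a-f]+)")
LOCK = re.compile(r"#\d+: [0-9a-f]+ \((.+)\)\{[^}]*\}-\{[^}]*\}, at: (\w+)")
FRAME = re.compile(r"^(\w+)(?: \(|\+0x)")

def parse_splat(text):
    """Parse one 'sleeping function called from invalid context' report."""
    # Drop dmesg timestamps such as "[   12.345678] " and surrounding blanks.
    lines = [re.sub(r"^\[\s*[\d.]+\]\s*", "", ln).strip() for ln in text.splitlines()]
    body = "\n".join(lines)
    if "BUG: sleeping function called from invalid context" not in body:
        return None
    state, count = STATE.search(body), COUNT.search(body)
    trace = lines[lines.index("Call trace:") + 1:] if "Call trace:" in lines else []
    where = re.search(r"Preemption disabled at:\n(\w+)", body)
    return {
        "in_atomic": bool(state) and state.group(1) != "0",
        "preempt_count": int(count.group(1), 16) if count else None,  # printed in hex
        "locks": LOCK.findall(body),  # (lock class, acquiring function) pairs
        "preempt_disabled_at": where.group(1) if where else None,
        "frames": [m.group(1) for m in map(FRAME.match, trace) if m],
    }

def sleeping_lock(report):
    """Name the held lock whose acquisition went through rt_spin_lock()."""
    frames = report["frames"]
    if not report["in_atomic"] or "rt_spin_lock" not in frames:
        return None
    nxt = frames[frames.index("rt_spin_lock") + 1:]  # caller of rt_spin_lock()
    held = [name for name, func in report["locks"] if nxt and func == nxt[0]]
    return held[-1] if held else None
```

On the excerpt above, sleeping_lock(parse_splat(SPLAT)) returns efi_rt_lock, with preemption reported as disabled at efi_virtmap_load.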

Impact