In the Linux kernel, the following vulnerability has been resolved:
PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
When a genpd with GENPD_FLAG_IRQ_SAFE gets removed, the following sleep-in-atomic bug will be seen, as genpd_debug_remove() will be called with a spinlock being held.
[ 0.029183] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1460
[ 0.029204] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0
[ 0.029219] preempt_count: 1, expected: 0
[ 0.029230] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc4+ #489
[ 0.029245] Hardware name: Thundercomm TurboX CM2290 (DT)
[ 0.029256] Call trace:
[ 0.029265] dump_backtrace.part.0+0xbc/0xd0
[ 0.029285] show_stack+0x3c/0xa0
[ 0.029298] dump_stack_lvl+0x7c/0xa0
[ 0.029311] dump_stack+0x18/0x34
[ 0.029323] __might_resched+0x10c/0x13c
[ 0.029338] __might_sleep+0x4c/0x80
[ 0.029351] down_read+0x24/0xd0
[ 0.029363] lookup_one_len_unlocked+0x9c/0xcc
[ 0.029379] lookup_positive_unlocked+0x10/0x50
[ 0.029392] debugfs_lookup+0x68/0xac
[ 0.029406] genpd_remove.part.0+0x12c/0x1b4
[ 0.029419] of_genpd_remove_last+0xa8/0xd4
[ 0.029434] psci_cpuidle_domain_probe+0x174/0x53c
[ 0.029449] platform_probe+0x68/0xe0
[ 0.029462] really_probe+0x190/0x430
[ 0.029473] __driver_probe_device+0x90/0x18c
[ 0.029485] driver_probe_device+0x40/0xe0
[ 0.029497] __driver_attach+0xf4/0x1d0
[ 0.029508] bus_for_each_dev+0x70/0xd0
[ 0.029523] driver_attach+0x24/0x30
[ 0.029534] bus_add_driver+0x164/0x22c
[ 0.029545] driver_register+0x78/0x130
[ 0.029556] __platform_driver_register+0x28/0x34
[ 0.029569] psci_idle_init_domains+0x1c/0x28
[ 0.029583] do_one_initcall+0x50/0x1b0
[ 0.029595] kernel_init_freeable+0x214/0x280
[ 0.029609] kernel_init+0x2c/0x13c
[ 0.029622] ret_from_fork+0x10/0x20
It doesn't seem necessary to call genpd_debug_remove() with the lock, so move it out from locking to fix the problem.
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fee777ea77769cc5392a34805d9d73099a223fae",
"target": {
"function": "genpd_remove",
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-262e8278",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "222189406373616620888045484988948822910",
"length": 972.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2039163c30f886cf5638afd6993705ae9bb34a06",
"target": {
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-27becf47",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"1618540578180237480954442806549884622",
"24409542601717617871495594238944129146",
"325932021838743402232833206388701638119",
"115124433606524088086293712069827040164",
"257488355953452530951402946835667354389",
"226965390740736426952604219594252085392"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fee777ea77769cc5392a34805d9d73099a223fae",
"target": {
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-3d7d24da",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"1618540578180237480954442806549884622",
"24409542601717617871495594238944129146",
"325932021838743402232833206388701638119",
"115124433606524088086293712069827040164",
"257488355953452530951402946835667354389",
"226965390740736426952604219594252085392"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2039163c30f886cf5638afd6993705ae9bb34a06",
"target": {
"function": "genpd_remove",
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-5ca45e56",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "222189406373616620888045484988948822910",
"length": 972.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1b6840d8fb9b35193d45d8fe6b4d830bfd20c3c",
"target": {
"function": "genpd_remove",
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-74729d72",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "222189406373616620888045484988948822910",
"length": 972.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1b6840d8fb9b35193d45d8fe6b4d830bfd20c3c",
"target": {
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-87efaf21",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"1618540578180237480954442806549884622",
"24409542601717617871495594238944129146",
"325932021838743402232833206388701638119",
"115124433606524088086293712069827040164",
"257488355953452530951402946835667354389",
"226965390740736426952604219594252085392"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6bfe8b5b2c2a5ac8bd2fc7bca3706e6c3fc26d8",
"target": {
"function": "genpd_remove",
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-cfc128f9",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "222189406373616620888045484988948822910",
"length": 972.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6bfe8b5b2c2a5ac8bd2fc7bca3706e6c3fc26d8",
"target": {
"file": "drivers/base/power/domain.c"
},
"id": "CVE-2022-49265-eab0d566",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"1618540578180237480954442806549884622",
"24409542601717617871495594238944129146",
"325932021838743402232833206388701638119",
"115124433606524088086293712069827040164",
"257488355953452530951402946835667354389",
"226965390740736426952604219594252085392"
],
"threshold": 0.9
}
}
]