CVE-2023-53522

In the Linux kernel, the following vulnerability has been resolved:

cgroup,freezer: hold cpuhotpluglock before freezer_mutex

syzbot is reporting circular locking dependency between cpuhotpluglock and freezermutex, for commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") replaced atomicinc() in freezerapplystate() with staticbranchinc() which holds cpuhotpluglock.

cpuhotpluglock => cgroupthreadgrouprwsem => freezer_mutex

cgroupfilewrite() { cgroupprocswrite() { _cgroupprocswrite() { cgroupprocswritestart() { cgroupattachlock() { cpusreadlock() { percpudownread(&cpuhotpluglock); } percpudownwrite(&cgroupthreadgrouprwsem); } } cgroupattachtask() { cgroupmigrate() { cgroupmigrateexecute() { freezerattach() { mutexlock(&freezermutex); (...snipped...) } } } } (...snipped...) } } }

freezermutex => cpuhotplug_lock

cgroupfilewrite() { freezerwrite() { freezerchangestate() { mutexlock(&freezermutex); freezerapplystate() { staticbranchinc(&freezeractive) { statickeyslowinc() { cpusreadlock(); statickeyslowinccpuslocked(); cpusreadunlock(); } } } mutexunlock(&freezer_mutex); } } }

Swap locking order by moving cpusreadlock() in freezerapplystate() to before mutexlock(&freezermutex) in freezerchangestate().