CVE-2024-35968

In the Linux kernel, the following vulnerability has been resolved:

pdscore: Fix pdsccheckpcihealth function to use work thread

When the driver notices fwstatus == 0xff it tries to perform a PCI reset on itself via pciresetfunction() in the context of the driver's health thread. However, pdscresetprepare calls pdscstophealththread(), which attempts to stop/flush the health thread. This results in a deadlock because the stop/flush will never complete since the driver called pciresetfunction() from the health thread context. Fix by changing the pdsccheckpcihealthfunction() to queue a newly introduced pdscpcireset_thread() on the pdsc's work queue.

Unloading the driver in the fw_down/dead state uncovered another issue, which can be seen in the following trace:

WARNING: CPU: 51 PID: 6914 at kernel/workqueue.c:1450 __queue_work+0x358/0x440 [...] RIP: 0010:__queue_work+0x358/0x440 [...] Call Trace: <TASK> ? __warn+0x85/0x140 ? __queuework+0x358/0x440 ? reportbug+0xfc/0x1e0 ? handlebug+0x3f/0x70 ? excinvalidop+0x17/0x70 ? asmexcinvalidop+0x1a/0x20 ? __queuework+0x358/0x440 queueworkon+0x28/0x30 pdscdevcmdlocked+0x96/0xe0 [pdscore] pdscdevcmdreset+0x71/0xb0 [pdscore] pdscteardown+0x51/0xe0 [pdscore] pdscremove+0x106/0x200 [pdscore] pcideviceremove+0x37/0xc0 devicereleasedriverinternal+0xae/0x140 driverdetach+0x48/0x90 busremovedriver+0x6d/0xf0 pciunregisterdriver+0x2e/0xa0 pdsccleanupmodule+0x10/0x780 [pdscore] _x64sysdeletemodule+0x142/0x2b0 ? syscalltraceenter.isra.18+0x126/0x1a0 dosyscall64+0x3b/0x90 entrySYSCALL64afterhwframe+0x72/0xdc RIP: 0033:0x7fbd9d03a14b [...]

Fix this by preventing the devcmd reset if the FW is not running.