CVE-2024-35991
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35991
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35991.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35991
- Downstream
- Related
- Published
- 2024-05-20T09:47:56Z
- Modified
- 2025-10-21T21:34:33.073275Z
- Summary
- dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue
drainworkqueue() cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queuework() while drainworkqueue() will lead to a Call Trace as pushing a work on a draining workqueue is not permitted in spinlocked context. Call Trace: <TASK> ? _warn+0x7d/0x140 ? _queuework+0x2b2/0x440 ? reportbug+0x1f8/0x200 ? handlebug+0x3c/0x70 ? excinvalidop+0x18/0x70 ? asmexcinvalidop+0x1a/0x20 ? _queuework+0x2b2/0x440 queueworkon+0x28/0x30 idxdmiscthread+0x303/0x5a0 [idxd] ? _schedule+0x369/0xb40 ? _pfxirqthreadfn+0x10/0x10 ? irqthread+0xbc/0x1b0 irqthreadfn+0x21/0x70 irqthread+0x102/0x1b0 ? preemptcountadd+0x74/0xa0 ? _pfxirqthreaddtor+0x10/0x10 ? _pfxirqthread+0x10/0x10 kthread+0x103/0x140 ? _pfxkthread+0x10/0x10 retfromfork+0x31/0x50 ? _pfxkthread+0x10/0x10 retfromforkasm+0x1b/0x30 </TASK>
The current implementation uses a spinlock to protect event log workqueue and will lead to the Call Trace due to potential task rescheduling.
To address the locking issue, convert the spinlock to mutex, allowing the drain_workqueue() to be called in a safe mutex-locked context.
This change ensures proper synchronization when accessing the event log workqueue, preventing potential Call Trace and improving the overall robustness of the code.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc40bd7d9737bdcfb02d42765bc6c59b338151123Fixed758071a35d9f3ffd84ff12169d081412a2f5f098
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc40bd7d9737bdcfb02d42765bc6c59b338151123Fixedc9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc40bd7d9737bdcfb02d42765bc6c59b338151123Fixedd5638de827cff0fce77007e426ec0ffdedf68a44
Affected versions
v6.*
v6.3
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.9-rc1
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f",
"deprecated": false,
"id": "CVE-2024-35991-02487f4b",
"target": {
"file": "drivers/dma/idxd/debugfs.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"248012986116806607426189924803160632587",
"224431495987691781720489580958411680707",
"72212960261504105485957724094826027865",
"48311885262034579882030999337318661648",
"229288035970481770453976153624937640231",
"62948620953114214046099682455023193898",
"227821425409496526019198540290239825146",
"119200796931303316667224879601294420858"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f",
"deprecated": false,
"id": "CVE-2024-35991-157bc941",
"target": {
"file": "drivers/dma/idxd/init.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"84689522911605958486077322495536749700",
"217939377304218689394009519162703826143",
"85790091820635511614708693232873993746",
"150599519763088179297552970784063824858"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5638de827cff0fce77007e426ec0ffdedf68a44",
"deprecated": false,
"id": "CVE-2024-35991-18d9504b",
"target": {
"file": "drivers/dma/idxd/init.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"84689522911605958486077322495536749700",
"217939377304218689394009519162703826143",
"85790091820635511614708693232873993746",
"150599519763088179297552970784063824858"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f",
"deprecated": false,
"id": "CVE-2024-35991-195dc6d7",
"target": {
"file": "drivers/dma/idxd/idxd.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"299715413063949675532241809525702817794",
"79626300747909853696345677171121311742",
"4453883968053662508028478440369677541",
"58202843593993615730162972989441183988"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f",
"deprecated": false,
"id": "CVE-2024-35991-33bd1aea",
"target": {
"file": "drivers/dma/idxd/irq.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"130089170185297699950978577150442876659",
"298460578640267230999034178807305645272",
"149539217850441728447715246068631771679",
"27831208992425869828013436072734153721",
"67546383545037001976540601052680048960",
"188556668952577475371503020007134162999",
"283765064823121989657206633340919295478",
"51120175036068978420402611690185739793"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5638de827cff0fce77007e426ec0ffdedf68a44",
"deprecated": false,
"id": "CVE-2024-35991-34131b73",
"target": {
"file": "drivers/dma/idxd/idxd.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"299715413063949675532241809525702817794",
"79626300747909853696345677171121311742",
"4453883968053662508028478440369677541",
"58202843593993615730162972989441183988"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5638de827cff0fce77007e426ec0ffdedf68a44",
"deprecated": false,
"id": "CVE-2024-35991-3424da6b",
"target": {
"file": "drivers/dma/idxd/device.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"98942464246333648571842312562875799568",
"53250602639368370216724101701743845789",
"189447246681663270238825709507599785110",
"244313843440295778938753861305654334875",
"276832355783870927144779257528857386817",
"158367157887973935516771710887586680763",
"117861504887439629950590105883467095350",
"158030626296597352568060059719551781245",
"287571414511722330938808461787376297881",
"4966656889029563566301332267562599081",
"53674890335227850030090514186797188415",
"116655153544195587825237518380172118225",
"74777716599902165096934771611991303916",
"225204584171371719658629033925875194054",
"82397316069787511496218826012956778622",
"49061630687436775381091278024773670166"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@758071a35d9f3ffd84ff12169d081412a2f5f098",
"deprecated": false,
"id": "CVE-2024-35991-5c8d4cfb",
"target": {
"file": "drivers/dma/idxd/debugfs.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"248012986116806607426189924803160632587",
"224431495987691781720489580958411680707",
"72212960261504105485957724094826027865",
"48311885262034579882030999337318661648",
"229288035970481770453976153624937640231",
"62948620953114214046099682455023193898",
"227821425409496526019198540290239825146",
"119200796931303316667224879601294420858"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@758071a35d9f3ffd84ff12169d081412a2f5f098",
"deprecated": false,
"id": "CVE-2024-35991-60436ead",
"target": {
"file": "drivers/dma/idxd/idxd.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"301924314745763647137399937190815925634",
"79626300747909853696345677171121311742",
"4453883968053662508028478440369677541",
"58202843593993615730162972989441183988"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f",
"deprecated": false,
"id": "CVE-2024-35991-6d6f5e2a",
"target": {
"file": "drivers/dma/idxd/cdev.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"252972440756719214035535876793302931706",
"333776698982347506575806520137946455478",
"25548183642805744867418372367350408443",
"110729782572996841441697829078946613947",
"227621286550438989150032965139808911754",
"290296397879650204915512618146400713076",
"128593376659952253915022592796470587023",
"84756356353446870095101172585733574001",
"23696390359316512043974768038108828543"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@758071a35d9f3ffd84ff12169d081412a2f5f098",
"deprecated": false,
"id": "CVE-2024-35991-7bf4a81f",
"target": {
"file": "drivers/dma/idxd/init.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"84689522911605958486077322495536749700",
"217939377304218689394009519162703826143",
"85790091820635511614708693232873993746",
"150599519763088179297552970784063824858"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f",
"deprecated": false,
"id": "CVE-2024-35991-874d4fe7",
"target": {
"file": "drivers/dma/idxd/device.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"98942464246333648571842312562875799568",
"53250602639368370216724101701743845789",
"189447246681663270238825709507599785110",
"244313843440295778938753861305654334875",
"276832355783870927144779257528857386817",
"158367157887973935516771710887586680763",
"117861504887439629950590105883467095350",
"158030626296597352568060059719551781245",
"287571414511722330938808461787376297881",
"4966656889029563566301332267562599081",
"53674890335227850030090514186797188415",
"116655153544195587825237518380172118225",
"74777716599902165096934771611991303916",
"225204584171371719658629033925875194054",
"82397316069787511496218826012956778622",
"49061630687436775381091278024773670166"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@758071a35d9f3ffd84ff12169d081412a2f5f098",
"deprecated": false,
"id": "CVE-2024-35991-9d3db709",
"target": {
"file": "drivers/dma/idxd/irq.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"130089170185297699950978577150442876659",
"298460578640267230999034178807305645272",
"149539217850441728447715246068631771679",
"27831208992425869828013436072734153721",
"67546383545037001976540601052680048960",
"188556668952577475371503020007134162999",
"283765064823121989657206633340919295478",
"51120175036068978420402611690185739793"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5638de827cff0fce77007e426ec0ffdedf68a44",
"deprecated": false,
"id": "CVE-2024-35991-9f19c4d9",
"target": {
"file": "drivers/dma/idxd/cdev.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"252972440756719214035535876793302931706",
"333776698982347506575806520137946455478",
"25548183642805744867418372367350408443",
"110729782572996841441697829078946613947",
"227621286550438989150032965139808911754",
"290296397879650204915512618146400713076",
"128593376659952253915022592796470587023",
"84756356353446870095101172585733574001",
"23696390359316512043974768038108828543"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@758071a35d9f3ffd84ff12169d081412a2f5f098",
"deprecated": false,
"id": "CVE-2024-35991-a434d112",
"target": {
"file": "drivers/dma/idxd/device.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"98942464246333648571842312562875799568",
"53250602639368370216724101701743845789",
"189447246681663270238825709507599785110",
"244313843440295778938753861305654334875",
"276832355783870927144779257528857386817",
"158367157887973935516771710887586680763",
"117861504887439629950590105883467095350",
"158030626296597352568060059719551781245",
"287571414511722330938808461787376297881",
"4966656889029563566301332267562599081",
"53674890335227850030090514186797188415",
"116655153544195587825237518380172118225",
"74777716599902165096934771611991303916",
"225204584171371719658629033925875194054",
"82397316069787511496218826012956778622",
"49061630687436775381091278024773670166"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5638de827cff0fce77007e426ec0ffdedf68a44",
"deprecated": false,
"id": "CVE-2024-35991-a762885c",
"target": {
"file": "drivers/dma/idxd/debugfs.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"248012986116806607426189924803160632587",
"224431495987691781720489580958411680707",
"72212960261504105485957724094826027865",
"48311885262034579882030999337318661648",
"229288035970481770453976153624937640231",
"62948620953114214046099682455023193898",
"227821425409496526019198540290239825146",
"119200796931303316667224879601294420858"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5638de827cff0fce77007e426ec0ffdedf68a44",
"deprecated": false,
"id": "CVE-2024-35991-ac11b9e5",
"target": {
"file": "drivers/dma/idxd/irq.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"130089170185297699950978577150442876659",
"298460578640267230999034178807305645272",
"149539217850441728447715246068631771679",
"27831208992425869828013436072734153721",
"67546383545037001976540601052680048960",
"188556668952577475371503020007134162999",
"283765064823121989657206633340919295478",
"51120175036068978420402611690185739793"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@758071a35d9f3ffd84ff12169d081412a2f5f098",
"deprecated": false,
"id": "CVE-2024-35991-dd391082",
"target": {
"function": "idxd_cdev_evl_drain_pasid",
"file": "drivers/dma/idxd/cdev.c"
},
"digest": {
"function_hash": "219137109391498658098302089469141871782",
"length": 625.0
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@758071a35d9f3ffd84ff12169d081412a2f5f098",
"deprecated": false,
"id": "CVE-2024-35991-ddaa8f3e",
"target": {
"file": "drivers/dma/idxd/cdev.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"252972440756719214035535876793302931706",
"333776698982347506575806520137946455478",
"25548183642805744867418372367350408443",
"110729782572996841441697829078946613947",
"227621286550438989150032965139808911754",
"290296397879650204915512618146400713076",
"128593376659952253915022592796470587023",
"84756356353446870095101172585733574001",
"23696390359316512043974768038108828543"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5638de827cff0fce77007e426ec0ffdedf68a44",
"deprecated": false,
"id": "CVE-2024-35991-e0d38bb5",
"target": {
"function": "idxd_cdev_evl_drain_pasid",
"file": "drivers/dma/idxd/cdev.c"
},
"digest": {
"function_hash": "219137109391498658098302089469141871782",
"length": 625.0
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f",
"deprecated": false,
"id": "CVE-2024-35991-fb132f72",
"target": {
"function": "idxd_cdev_evl_drain_pasid",
"file": "drivers/dma/idxd/cdev.c"
},
"digest": {
"function_hash": "219137109391498658098302089469141871782",
"length": 625.0
},
"signature_type": "Function"
}
]