In the Linux kernel, the following vulnerability has been resolved:
Revert "ALSA: firewire-lib: operate for period elapse event in process context"
Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtpdomainstreampcmpointer() and updatepcmpointers() to remove its overhead.
With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with eventual system freeze under ALSA operation:
thread 0: * (lock A) acquire substream lock by sndpcmstreamlockirq() in sndpcmstatus64() * (lock B) wait for tasklet to finish by calling taskletunlockspinwait() in taskletdisableinatomic() in ohciflushiso_completions() of ohci.c
thread 1: * (lock B) enter tasklet * (lock A) attempt to acquire substream lock, waiting for it to be released: sndpcmstreamlockirqsave() in sndpcmperiodelapsed() in updatepcmpointers() in processctxpayloads() in processrx_packets() of amdtp-stream.c
? taskletunlockspinwait </NMI> <TASK> ohciflushisocompletions firewireohci amdtpdomainstreampcmpointer sndfirewirelib sndpcmupdatehwptr0 sndpcm sndpcmstatus64 snd_pcm
? nativequeuedspinlockslowpath </NMI> <IRQ> rawspinlockirqsave sndpcmperiodelapsed sndpcm processrxpackets sndfirewirelib irqtargetcallback sndfirewirelib handleitpacket firewireohci contexttasklet firewire_ohci
Restore the process context work queue to prevent deadlock AB/BA deadlock competition for ALSA substream lock of sndpcmstreamlockirq() in sndpcmstatus64() and sndpcmstreamlockirqsave() in sndpcmperiod_elapsed().
revert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context")
Replace inline description to prevent future deadlock.
{ "vanir_signatures": [ { "digest": { "length": 227.0, "function_hash": "153030857582827719837208316810702920859" }, "target": { "function": "amdtp_domain_stream_pcm_pointer", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5043e69aeb2786f32e84132817a007a6430aa7d", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-0af67d29" }, { "digest": { "line_hashes": [ "94763118273653776599400517802869520815", "68178356943144893324405824287271343728", "157090777653510207739360923300675242588", "188472045094689627610474034058397212057", "281885461693252317339250358339195594594", "26748820648579400433369554619335491711", "124230051641438952271295766184366230804", "49180876947970800058839946403030708373", "108587633537507210242609878158511307392", "227295282641189414722165924788372195804", "227127010051344072797935470099781606292", "322239492613039642716093345150516161505", "153393884055239524300490132462194786015", "33144260274923119397109041496768797117", "247229561667510882895652730482095304774" ], "threshold": 0.9 }, "target": { "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3dab73ab925a51ab05543b491bf17463a48ca323", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-0e159a0c" }, { "digest": { "length": 227.0, "function_hash": "153030857582827719837208316810702920859" }, "target": { "function": "amdtp_domain_stream_pcm_pointer", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b239a37d68e8bc59f9516444da222841e3b13ba9", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-1b00e617" }, { "digest": { "length": 586.0, "function_hash": "276297613865878971419928741032052867811" }, "target": { "function": "update_pcm_pointers", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5043e69aeb2786f32e84132817a007a6430aa7d", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-47bfac3b" }, { "digest": { "line_hashes": [ "94763118273653776599400517802869520815", "68178356943144893324405824287271343728", "157090777653510207739360923300675242588", "188472045094689627610474034058397212057", "281885461693252317339250358339195594594", "26748820648579400433369554619335491711", "124230051641438952271295766184366230804", "49180876947970800058839946403030708373", "108587633537507210242609878158511307392", "227295282641189414722165924788372195804", "227127010051344072797935470099781606292", "322239492613039642716093345150516161505", "153393884055239524300490132462194786015", "33144260274923119397109041496768797117", "247229561667510882895652730482095304774" ], "threshold": 0.9 }, "target": { "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36c255db5a25edd42d1aca48e38b8e95ee5fd9ef", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-6ff4763e" }, { "digest": { "length": 586.0, "function_hash": "276297613865878971419928741032052867811" }, "target": { "function": "update_pcm_pointers", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3dab73ab925a51ab05543b491bf17463a48ca323", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-7877a860" }, { "digest": { "line_hashes": [ "94763118273653776599400517802869520815", "68178356943144893324405824287271343728", "157090777653510207739360923300675242588", "188472045094689627610474034058397212057", "281885461693252317339250358339195594594", "26748820648579400433369554619335491711", "124230051641438952271295766184366230804", "49180876947970800058839946403030708373", "108587633537507210242609878158511307392", "227295282641189414722165924788372195804", "227127010051344072797935470099781606292", "322239492613039642716093345150516161505", "153393884055239524300490132462194786015", "33144260274923119397109041496768797117", "247229561667510882895652730482095304774" ], "threshold": 0.9 }, "target": { "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b239a37d68e8bc59f9516444da222841e3b13ba9", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-870c4aa6" }, { "digest": { "line_hashes": [ "94763118273653776599400517802869520815", "68178356943144893324405824287271343728", "157090777653510207739360923300675242588", "188472045094689627610474034058397212057", "281885461693252317339250358339195594594", "26748820648579400433369554619335491711", "124230051641438952271295766184366230804", "49180876947970800058839946403030708373", "108587633537507210242609878158511307392", "227295282641189414722165924788372195804", "227127010051344072797935470099781606292", "322239492613039642716093345150516161505", "153393884055239524300490132462194786015", "33144260274923119397109041496768797117", "247229561667510882895652730482095304774" ], "threshold": 0.9 }, "target": { "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c07220cf634002f93a87ca2252a32766850f2d1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-ae183aa3" }, { "digest": { "length": 586.0, "function_hash": "276297613865878971419928741032052867811" }, "target": { "function": "update_pcm_pointers", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36c255db5a25edd42d1aca48e38b8e95ee5fd9ef", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-d59fe7d7" }, { "digest": { "length": 227.0, "function_hash": "153030857582827719837208316810702920859" }, "target": { "function": "amdtp_domain_stream_pcm_pointer", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3dab73ab925a51ab05543b491bf17463a48ca323", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-df15b6fc" }, { "digest": { "length": 227.0, "function_hash": "153030857582827719837208316810702920859" }, "target": { "function": "amdtp_domain_stream_pcm_pointer", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36c255db5a25edd42d1aca48e38b8e95ee5fd9ef", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-e091dcd3" }, { "digest": { "length": 586.0, "function_hash": "276297613865878971419928741032052867811" }, "target": { "function": "update_pcm_pointers", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b239a37d68e8bc59f9516444da222841e3b13ba9", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-ed5a0396" }, { "digest": { "length": 227.0, "function_hash": "153030857582827719837208316810702920859" }, "target": { "function": "amdtp_domain_stream_pcm_pointer", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c07220cf634002f93a87ca2252a32766850f2d1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-f12e37db" }, { "digest": { "length": 586.0, "function_hash": "276297613865878971419928741032052867811" }, "target": { "function": "update_pcm_pointers", "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c07220cf634002f93a87ca2252a32766850f2d1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-f65c1ccb" }, { "digest": { "line_hashes": [ "94763118273653776599400517802869520815", "68178356943144893324405824287271343728", "157090777653510207739360923300675242588", "188472045094689627610474034058397212057", "281885461693252317339250358339195594594", "26748820648579400433369554619335491711", "124230051641438952271295766184366230804", "49180876947970800058839946403030708373", "108587633537507210242609878158511307392", "227295282641189414722165924788372195804", "227127010051344072797935470099781606292", "322239492613039642716093345150516161505", "153393884055239524300490132462194786015", "33144260274923119397109041496768797117", "247229561667510882895652730482095304774" ], "threshold": 0.9 }, "target": { "file": "sound/firewire/amdtp-stream.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5043e69aeb2786f32e84132817a007a6430aa7d", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42274-ff49f987" } ] }