CVE-2024-44956

It is really easy to introduce subtle deadlocks in preemptfencework_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so even though we signal a particular fence, everything in the callback should be in the fence critical section, since blocking in the callback will prevent other published fences from signalling. If we enlarge the fence critical section to cover the entire callback, then lockdep should be able to understand this better, and complain if we grab a sensitive lock like vm->lock, which is also held when waiting on preempt fences.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd08ebf6c3525a7ea2186e636df064ea47281987

Fixed

458bb83119dfee5d14c677f7846dd9363817006f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd08ebf6c3525a7ea2186e636df064ea47281987

Fixed

3cd1585e57908b6efcd967465ef7685f40b2a294

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.10.3

v6.10.4

v6.7

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/xe/xe_preempt_fence.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3cd1585e57908b6efcd967465ef7685f40b2a294",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "15535060908781466996393896778372475476",
                    "322726708907518246103975734395116045215",
                    "172205857295110071488799415216538581964",
                    "309683934479351928644797732749296862446",
                    "236548087879029124628237262084640238147",
                    "104562511984612160086969714502452567341"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-44956-39f06d02"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "preempt_fence_work_func",
                "file": "drivers/gpu/drm/xe/xe_preempt_fence.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3cd1585e57908b6efcd967465ef7685f40b2a294",
            "deprecated": false,
            "digest": {
                "length": 366.0,
                "function_hash": "311149263541003934641459739540474978976"
            },
            "id": "CVE-2024-44956-53b5c2b9"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "preempt_fence_work_func",
                "file": "drivers/gpu/drm/xe/xe_preempt_fence.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@458bb83119dfee5d14c677f7846dd9363817006f",
            "deprecated": false,
            "digest": {
                "length": 366.0,
                "function_hash": "311149263541003934641459739540474978976"
            },
            "id": "CVE-2024-44956-d1104a7d"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/xe/xe_preempt_fence.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@458bb83119dfee5d14c677f7846dd9363817006f",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "15535060908781466996393896778372475476",
                    "322726708907518246103975734395116045215",
                    "172205857295110071488799415216538581964",
                    "309683934479351928644797732749296862446",
                    "236548087879029124628237262084640238147",
                    "104562511984612160086969714502452567341"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-44956-f4664d03"
        }
    ]
}

CVE-2024-44956

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Affected versions

v6.*

Database specific

Linux / Kernel

Package

Affected ranges