fkie_cve-2024-42274
Vulnerability from fkie_nvd
Published
2024-08-17 09:15
Modified
2024-08-19 12:59
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with eventual system freeze under ALSA operation: thread 0: * (lock A) acquire substream lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) wait for tasklet to finish by calling tasklet_unlock_spin_wait() in tasklet_disable_in_atomic() in ohci_flush_iso_completions() of ohci.c thread 1: * (lock B) enter tasklet * (lock A) attempt to acquire substream lock, waiting for it to be released: snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() in update_pcm_pointers() in process_ctx_payloads() in process_rx_packets() of amdtp-stream.c ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restore the process context work queue to prevent deadlock AB/BA deadlock competition for ALSA substream lock of snd_pcm_stream_lock_irq() in snd_pcm_status64() and snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed(). revert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") Replace inline description to prevent future deadlock.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n \u003c/NMI\u003e\n \u003cTASK\u003e\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\" commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\") eliminada la cola de trabajo del contexto del proceso de amdtp_domain_stream_pcm_pointer() y update_pcm_pointers() para eliminar su sobrecarga. Con RME Fireface 800, esto condujo a una regresi\u00f3n desde Kernels 5.14.0, lo que provoc\u00f3 una competencia de punto muerto AB/BA para el bloqueo de substream con una eventual congelaci\u00f3n del sistema bajo la operaci\u00f3n ALSA: subproceso 0: * (bloqueo A) adquiere el bloqueo de substream mediante snd_pcm_stream_lock_irq() en snd_pcm_status64() * (bloqueo B) espere a que finalice el tasklet llamando a tasklet_unlock_spin_wait() en tasklet_disable_in_atomic() en ohci_flush_iso_completions() del subproceso 1 de ohci.c: * (bloqueo B) ingrese al tasklet * (bloqueo A) intente adquirir el subflujo bloquear, esperando a que se libere: snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed() en update_pcm_pointers() en Process_ctx_payloads() en Process_rx_packets() de amdtp-stream.c? tasklet_unlock_spin_wait   ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? nativo_queued_spin_lock_slowpath   _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm Process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restaurar la cola de trabajo del contexto del proceso para evitar un punto muerto Competencia de punto muerto AB/BA para el bloqueo de subtransmisi\u00f3n ALSA de snd_pcm_stream_lock_irq() en snd_pcm_status64() y snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed(). revertir el commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento de per\u00edodo transcurrido en el contexto del proceso\") Reemplace la descripci\u00f3n en l\u00ednea para evitar futuros interbloqueos."
    }
  ],
  "id": "CVE-2024-42274",
  "lastModified": "2024-08-19T12:59:59.177",
  "metrics": {},
  "published": "2024-08-17T09:15:08.530",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.