发布于3月6日3月6日 Members Red Hat: CVE-2024-35927: kernel: drm: Check output polling initialized before disabling (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/19/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() calls, that re the callers of these functions, avoid invoking them if polling is not initialized. For drivers like hyperv-drm, that do not initialize connector polling, if suspend is called without this check, it leads to suspend failure with following stack [770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [770.720592] printk: Suspending console(s) (use no_console_suspend to debug) [770.948823] ------------[ cut here ]------------ [770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230 [770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod [770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1 [770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230 [770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00 [770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246 [770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857 [770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330 [770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10 [770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330 [770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [770.948875] FS:00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000 [770.948878] CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0 [770.948879] Call Trace: [770.948880]<TASK> [770.948881]? show_trace_log_lvl+0x1c4/0x2df [770.948884]? show_trace_log_lvl+0x1c4/0x2df [770.948886]? __cancel_work_timer+0x103/0x190 [770.948887]? __flush_work.isra.0+0x212/0x230 [770.948889]? __warn+0x81/0x110 [770.948891]? __flush_work.isra.0+0x212/0x230 [770.948892]? report_bug+0x10a/0x140 [770.948895]? handle_bug+0x3c/0x70 [770.948898]? exc_invalid_op+0x14/0x70 [770.948899]? asm_exc_invalid_op+0x16/0x20 [770.948903]? __flush_work.isra.0+0x212/0x230 [770.948905]__cancel_work_timer+0x103/0x190 [770.948907]? _raw_spin_unlock_irqrestore+0xa/0x30 [770.948910]drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper] [770.948923]drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper] [770.948933]? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [770.948942]hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm] [770.948944]? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [770.948951]dpm_run_callback+0x4c/0x140 [770.948954]__device_suspend_noir ---truncated--- Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-35927 RHSA-2024:9315
