In the Linux kernel, the following vulnerability has been resolved:
srcu: Use irq_work to start GP in tiny SRCU
Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(),
which acquires the workqueue pool->lock.
This causes a lockdep splat when call_srcu() is called with a scheduler
lock held, due to:
  call_srcu() [holding pi_lock]
    srcu_gp_start_if_needed()
      schedule_work() -> pool->lock

  workqueue_init() / create_worker() [holding pool->lock]
    wake_up_process() -> try_to_wake_up() -> pi_lock
Also add irq_work_sync() to cleanup_srcu_struct() to prevent a
use-after-free if a queued irq_work fires after cleanup begins.
Tested with rcutorture SRCU-T and no lockdep warnings.
[ Thanks to Boqun for similar fix in patch "rcu: Use an intermediate irq_work to start process_srcu()" ]
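The lock-ordering inversion in the commit message, replayed as an added example (not kernel code and not part of this advisory): a miniature lockdep-style dependency checker records which lock was taken while which other lock was held and reports the cycle between pi_lock and pool->lock, then shows that the post-fix path (grace period started from an irq_work, so schedule_work() runs with no scheduler lock held) records no such cycle. The two-lock model and the function names of the checker are assumptions of the example.

```c
/* Added example (not kernel code): a miniature lockdep-style dependency
 * checker that replays the two lock chains from the commit message. */
#include <stdio.h>
#define MAX_LOCKS 4
enum { PI_LOCK, POOL_LOCK };
static const char *lock_name[] = { "pi_lock", "pool->lock" };
typedef struct { unsigned char dep[MAX_LOCKS][MAX_LOCKS]; } lockgraph; /* dep[a][b]: b taken under a */

/* DFS: is 'to' reachable from 'from' in the recorded dependency graph? */
static int reaches(const lockgraph *g, int from, int to, unsigned char *seen) {
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < MAX_LOCKS; n++)
        if (g->dep[from][n] && !seen[n] && reaches(g, n, to, seen))
            return 1;
    return 0;
}

/* Acquire 'lock' while holding 'held'. Returns 1 if a previously recorded
 * ordering runs the other way (an ABBA inversion, i.e. a possible deadlock). */
static int acquire(lockgraph *g, const int *held, int nheld, int lock) {
    for (int i = 0; i < nheld; i++) {
        unsigned char seen[MAX_LOCKS] = {0};
        if (reaches(g, lock, held[i], seen)) {
            printf("inversion: %s -> %s conflicts with recorded %s -> %s\n",
                   lock_name[held[i]], lock_name[lock], lock_name[lock], lock_name[held[i]]);
            return 1;
        }
    }
    for (int i = 0; i < nheld; i++)
        g->dep[held[i]][lock] = 1;
    return 0;
}

/* Before the fix: create_worker() takes pi_lock under pool->lock, while
 * call_srcu() under pi_lock reaches schedule_work() -> pool->lock. */
int replay_before_fix(void) {
    lockgraph g = {0};
    int pool[] = { POOL_LOCK }, pi[] = { PI_LOCK };
    acquire(&g, pool, 1, PI_LOCK);          /* wake_up_process() path */
    return acquire(&g, pi, 1, POOL_LOCK);   /* returns 1: inversion */
}

/* After the fix: call_srcu() only queues an irq_work; the handler later calls
 * schedule_work() with no scheduler lock held, so no pi_lock -> pool->lock edge. */
int replay_after_fix(void) {
    lockgraph g = {0};
    int pool[] = { POOL_LOCK };
    acquire(&g, pool, 1, PI_LOCK);
    return acquire(&g, NULL, 0, POOL_LOCK); /* returns 0: no inversion */
}
```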
A Linux kernel vulnerability in tiny SRCU's grace-period initialization could cause a lock-ordering inversion, reported as a lockdep splat, when call_srcu() is invoked while holding scheduler locks. The fix starts the grace period from an irq_work instead of calling schedule_work() directly, and adds irq_work_sync() to cleanup_srcu_struct() so that a queued irq_work cannot fire after cleanup has begun.
The Linux kernel contains a flaw in the Tiny SRCU mechanism where calling call_srcu() while holding scheduler locks can cause a lock-ordering conflict. The problem is resolved by using irq_work instead of a direct schedule_work() call and by adding irq_work_sync() synchronization during cleanup.
Update the Linux kernel to a patched version that uses irq_work for SRCU grace-period initialization instead of direct schedule_work() calls, and ensure irq_work_sync() is called during cleanup_srcu_struct() to prevent use-after-free conditions.
Update the Linux kernel to the patched version that uses irq_work to initialize the SRCU grace period instead of direct schedule_work() calls, and make sure irq_work_sync() is called during cleanup_srcu_struct() to prevent use-after-free conditions.