In the Linux kernel, the following vulnerability has been resolved:
media: chips-media: wave5: Fix device cleanup order to prevent kernel panic
Move video device unregistration to the beginning of the remove function
to ensure all video operations are stopped before cleaning up the worker
thread and disabling PM runtime. This prevents hardware register access
after the device has been powered down.
In polling mode, the hrtimer periodically triggers
wave5_vpu_timer_callback() which queues work to the kthread worker.
The worker executes wave5_vpu_irq_work_fn() which reads hardware
registers via wave5_vdi_read_register().
The original cleanup order disabled PM runtime and powered down hardware
before unregistering video devices. When autosuspend triggers and powers
off the hardware, the video devices are still registered and the worker
thread can still be triggered by the hrtimer, causing it to attempt
reading registers from powered-off hardware. This results in a bus error
(synchronous external abort) and kernel panic.
This causes random kernel panics during encoding operations:
Internal error: synchronous external abort: 0000000096000010
[#1] PREEMPT SMP
Modules linked in: wave5 rpmsg_ctrl rpmsg_char ...
CPU: 0 UID: 0 PID: 1520 Comm: vpu_irq_thread
Tainted: G M W
pc : wave5_vdi_read_register+0x10/0x38 [wave5]
lr : wave5_vpu_irq_work_fn+0x28/0x60 [wave5]
Call trace:
wave5_vdi_read_register+0x10/0x38 [wave5]
kthread_worker_fn+0xd8/0x238
kthread+0x104/0x120
ret_from_fork+0x10/0x20
Code: aa1e03e9 d503201f f9416800 8b214000 (b9400000)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: synchronous external abort:
Fatal exception
A Linux kernel vulnerability in the Wave5 media driver causes kernel panic due to improper device cleanup order. The issue occurs when hardware registers are accessed after the device has been powered down, potentially affecting systems using Wave5 video encoding/decoding hardware.
تحدث الثغرة عندما يحاول برنامج تشغيل Wave5 الوصول إلى سجلات الأجهزة بعد إيقاف تشغيل الجهاز، مما يسبب ذعرًا في النواة. المشكلة تنشأ من ترتيب التنظيف غير الصحيح حيث يتم تعطيل وقت التشغيل قبل إلغاء تسجيل أجهزة الفيديو.
A Linux kernel vulnerability in the Wave5 media driver causes kernel panic due to improper device cleanup order. The issue occurs when hardware registers are accessed after the device has been powered down, potentially affecting systems using Wave5 video encoding/decoding hardware.
Update the Linux kernel to the patched version that moves video device unregistration to the beginning of the remove function. Ensure all video operations are stopped before cleaning up worker threads and disabling PM runtime. Apply security patches from your Linux distribution vendor immediately.
قم بتحديث نواة Linux إلى الإصدار المصحح الذي ينقل إلغاء تسجيل جهاز الفيديو إلى بداية دالة الإزالة. تأكد من إيقاف جميع عمليات الفيديو قبل تنظيف خيوط العامل وتعطيل وقت التشغيل. طبق تصحيحات الأمان من بائع توزيع Linux الخاص بك على الفور.