A vulnerability has been identified and resolved in the Linux kernel, specifically affecting Mediatek clock controllers. This vulnerability could lead to a deadlock in certain scenarios involving the Power Management (PM) system and the Clock Management (clock) system. This post will explore the details of the vulnerability, provide a code snippet demonstrating the issue (and its fix), and provide links to important references related to the matter. The vulnerability has been resolved by ensuring a runtime PM get on controllers during probe, and the mitigation has been verified on MT8183 and MT8192 Chromebooks.
Vulnerability Details
The issue occurs due to a mutual dependency between mt8183-mfgcfg and genpd during the probing stage of the clock and power management systems, which leads to a deadlock as shown in the following call stack:
genpd_lock()
The vulnerability has been resolved by ensuring a runtime PM get at the probe function so that clk_register() will not acquire the genpd lock. This change preserves the functionality of the system without causing any noticeable regression.
The following code snippet shows how the problem has been fixed within the Linux kernel
diff --git a/drivers/clk/mediatek/clk-mt2701.c b/drivers/clk/mediatek/clk-mt2701.c
index 8eabad..c33b710 100644
--- a/drivers/clk/mediatek/clk-mt2701.c
+++ b/drivers/clk/mediatek/clk-mt2701.c
Link to original references
1. Linux kernel Git repository: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
2. The specific patch that fixes the vulnerability: https://lore.kernel.org/r///MTştQTLTODënLTBагB7çr-üqY7DUDż1ɵ1tY7n7k2Uz7иạnB=ycβIāanуOÖüa/org.kernel.vger.lists.linux-gpio/ă?H=n>2H
Conclusion
The key takeaway from CVE-2024-27002 is that even though the Linux kernel is a mature and widely-used system, vulnerabilities can still be discovered and exploited. It becomes important for developers, system administrators, and end-users to continually update their software and hardware systems to stay protected against new and emerging vulnerabilities. The Linux kernel development community is constantly working to improve the security and stability of the system, making it even more critical to stay up-to-date with the latest patches.
Timeline
Published on: 05/01/2024 06:15:18 UTC
Last modified on: 05/29/2024 05:26:48 UTC