A recently resolved vulnerability (CVE-2025-21684) in the Linux kernel exists within the GPIO (General Purpose Input/Output) of Xilinx devices, specifically related to the gpio_lock conversion to the raw spinlock. The irq_chip functions, which may be called in a raw spinlock context, were causing a lockdep splat that represents a potential exploit if not addressed properly.
The fix involves converting gpio_lock to a raw spinlock to ensure compatibility with irq_chip functions. The original code snippet with the issue can be viewed below, taken from drivers/gpio/gpio-xilinx.c:
xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))
The updated code snippet with the fix applied can be viewed below, corresponding to the conversion of the gpio_lock to raw spinlock:
// irq_chip functions may be called in raw spinlock context.
// Therefore, we must also use a raw spinlock for our own internal locking.
For more details on the vulnerability, as well as references to original sources and further information on the exploit, please refer to the following links:
- Kernel.org Patchwork
- The Linux Kernel - xilinx GPIO
- Linux Kernel Mailing List (requires registration)
It is highly recommended that developers and administrators stay informed about the latest updates and patches to ensure the security of their Linux systems. Applying the patch for this vulnerability can help reduce the risk of potential exploits and maintain a strong, secure environment.
Timeline
Published on: 02/09/2025 12:15:29 UTC
Last modified on: 02/11/2025 16:12:41 UTC