CVE-2023-53866

In the Linux kernel, the following vulnerability has been resolved:

ASoC: soc-compress: Reposition and add pcm_mutex

If paniconwarn is set and compress stream(DPCM) is started, then kernel panic occurred because card->pcmmutex isn't held appropriately. In the following functions, warning were issued at this line "sndsocdpcmmutexassertheld".

static int dpcmbeconnect(struct sndsocpcmruntime *fe, struct sndsocpcmruntime *be, int stream) { ... sndsocdpcmmutexassert_held(fe); ... }

void dpcmbedisconnect(struct sndsocpcmruntime *fe, int stream) { ... sndsocdpcmmutexassertheld(fe); ... }

void sndsocruntimeaction(struct sndsocpcmruntime *rtd, int stream, int action) { ... sndsocdpcmmutexassert_held(rtd); ... }

int dpcmdapmstreamevent(struct sndsocpcmruntime *fe, int dir, int event) { ... sndsocdpcmmutexassert_held(fe); ... }

These functions are called by soccomprsetparamsfe, soccompropenfe and soccomprfreefe without pcm_mutex locking. And this is call stack.

[ 414.527841][ T2179] pc : dpcmprocesspaths+0x5a4/0x750 [ 414.527848][ T2179] lr : dpcmprocesspaths+0x37c/0x750 [ 414.527945][ T2179] Call trace: [ 414.527949][ T2179] dpcmprocesspaths+0x5a4/0x750 [ 414.527955][ T2179] soccompropenfe+0xb0/0x2cc [ 414.527972][ T2179] sndcompropen+0x180/0x248 [ 414.527981][ T2179] sndopen+0x15c/0x194 [ 414.528003][ T2179] chrdevopen+0x1b0/0x220 [ 414.528023][ T2179] dodentryopen+0x30c/0x594 [ 414.528045][ T2179] vfsopen+0x34/0x44 [ 414.528053][ T2179] pathopenat+0x914/0xb08 [ 414.528062][ T2179] dofilpopen+0xc0/0x170 [ 414.528068][ T2179] dosysopenat2+0x94/0x18c [ 414.528076][ T2179] _arm64sysopenat+0x78/0xa4 [ 414.528084][ T2179] invokesyscall+0x48/0x10c [ 414.528094][ T2179] el0svccommon+0xbc/0x104 [ 414.528099][ T2179] doel0svc+0x34/0xd8 [ 414.528103][ T2179] el0svc+0x34/0xc4 [ 414.528125][ T2179] el0t64synchandler+0x8c/0xfc [ 414.528133][ T2179] el0t64sync+0x1a0/0x1a4 [ 414.528142][ T2179] Kernel panic - not syncing: panicon_warn set ...

So, I reposition and add pcm_mutex to resolve lockdep error.