CVE-2024-35927

In the Linux kernel, the following vulnerability has been resolved:

drm: Check output polling initialized before disabling

In drmkmshelperpolldisable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in drmmodeconfighelpersuspend() and drmmodeconfighelperresume() calls, that re the callers of these functions, avoid invoking them if polling is not initialized. For drivers like hyperv-drm, that do not initialize connector polling, if suspend is called without this check, it leads to suspend failure with following stack [ 770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 770.720592] printk: Suspending console(s) (use noconsolesuspend to debug) [ 770.948823] ------------[ cut here ]------------ [ 770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 flushwork.isra.0+0x212/0x230 [ 770.948831] Modules linked in: rfkill nftcounter xtconntrack xtowner udf nftcompat crcitut nftfibinet nftfibipv4 nftfibipv6 nftfib nftrejectinet nfrejectipv4 nfrejectipv6 nftreject nftct nftchainnat nfnat nfconntrack nfdefragipv6 nfdefragipv4 ipset nftables nfnetlink vfat fat mlx5ib ibuverbs ibcore mlx5core intelraplmsr intelraplcommon kvmamd ccp mlxfw kvm psample hypervdrm tls drmshmemhelper drmkmshelper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hvballoon hvutils joydev drm fuse xfs libcrc32c pcihyperv pcihypervintf srmod sdmod cdrom t10pi sg hvstorvsc scsitransportfc hvnetvsc serioraw hypervkeyboard hidhyperv crct10difpclmul crc32pclmul crc32cintel hvvmbus ghashclmulniintel dmmirror dmregionhash dmlog dmmod [ 770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el93.x8664 #1 [ 770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 770.948866] RIP: 0010:flushwork.isra.0+0x212/0x230 [ 770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00 [ 770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246 [ 770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857 [ 770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330 [ 770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10 [ 770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330 [ 770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 770.948875] FS: 00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000 [ 770.948878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0 [ 770.948879] Call Trace: [ 770.948880] <TASK> [ 770.948881] ? showtraceloglvl+0x1c4/0x2df [ 770.948884] ? showtraceloglvl+0x1c4/0x2df [ 770.948886] ? _cancelworktimer+0x103/0x190 [ 770.948887] ? _flushwork.isra.0+0x212/0x230 [ 770.948889] ? _warn+0x81/0x110 [ 770.948891] ? _flushwork.isra.0+0x212/0x230 [ 770.948892] ? reportbug+0x10a/0x140 [ 770.948895] ? handlebug+0x3c/0x70 [ 770.948898] ? excinvalidop+0x14/0x70 [ 770.948899] ? asmexcinvalidop+0x16/0x20 [ 770.948903] ? _flushwork.isra.0+0x212/0x230 [ 770.948905] _cancelworktimer+0x103/0x190 [ 770.948907] ? _rawspinunlockirqrestore+0xa/0x30 [ 770.948910] drmkmshelperpolldisable+0x1e/0x40 [drmkmshelper] [ 770.948923] drmmodeconfighelpersuspend+0x1c/0x80 [drmkmshelper] [ 770.948933] ? _pfxvmbussuspend+0x10/0x10 [hvvmbus] [ 770.948942] hypervvmbussuspend+0x17/0x40 [hypervdrm] [ 770.948944] ? _pfxvmbussuspend+0x10/0x10 [hvvmbus] [ 770.948951] dpmruncallback+0x4c/0x140 [ 770.948954] _devicesuspendnoir ---truncated---