CVE-2024-50249

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Make rmwlock a rawspin_lock

The following BUG was triggered:

============================= [ BUG: Invalid wait context ]

6.12.0-rc2-XXX #406 Not tainted

kworker/1:1/62 is trying to lock: ffffff8801593030 (&cpcptr->rmwlock){+.+.}-{3:3}, at: cpcwrite+0xcc/0x370 other info that might help us debug this: context-{5:5} 2 locks held by kworker/1:1/62: #0: ffffff897ef5ec98 (&rq->lock){-.-.}-{2:2}, at: rawspinrqlocknested+0x2c/0x50 #1: ffffff880154e238 (&sgpolicy->updatelock){....}-{2:2}, at: sugovupdateshared+0x3c/0x280 stack backtrace: CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406 Workqueue: 0x0 (events) Call trace: dumpbacktrace+0xa4/0x130 showstack+0x20/0x38 dumpstacklvl+0x90/0xd0 dumpstack+0x18/0x28 _lockacquire+0x480/0x1ad8 lockacquire+0x114/0x310 _rawspinlock+0x50/0x70 cpcwrite+0xcc/0x370 cppcsetperf+0xa0/0x3a8 cppccpufreqfastswitch+0x40/0xc0 cpufreqdriverfastswitch+0x4c/0x218 sugovupdateshared+0x234/0x280 updateloadavg+0x6ec/0x7b8 dequeueentities+0x108/0x830 dequeuetaskfair+0x58/0x408 _schedule+0x4f0/0x1070 schedule+0x54/0x130 workerthread+0xc0/0x2e8 kthread+0x130/0x148 retfrom_fork+0x10/0x20

sugovupdateshared() locks a rawspinlock while cpcwrite() locks a spinlock.

To have a correct wait-type order, update rmw_lock to a raw spinlock and ensure that interrupts will be disabled on the CPU holding it.

[ rjw: Changelog edits ]