In the Linux kernel, the following vulnerability has been resolved:

dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock

__dma_entry_alloc_check_leak() calls into printk -> serial console output (qcom geni) and grabs port->lock under free_entries_lock spin lock, which is a reverse locking dependency chain as qcom_geni IRQ handler can call into dma-debug code and grab free_entries_lock under port->lock.

Move __dma_entry_alloc_check_leak() call out of free_entries_lock scope so that we don't acquire serial console's port->lock under it.

Trimmed-down lockdep splat:

 The existing dependency chain (in reverse order) is:

 -> #2 (free_entries_lock){-.-.}-{2:2}:
        _raw_spin_lock_irqsave+0x60/0x80
        dma_entry_alloc+0x38/0x110
        debug_dma_map_page+0x60/0xf8
        dma_map_page_attrs+0x1e0/0x230
        dma_map_single_attrs.constprop.0+0x6c/0xc8
        geni_se_rx_dma_prep+0x40/0xcc
        qcom_geni_serial_isr+0x310/0x510
        __handle_irq_event_percpu+0x110/0x244
        handle_irq_event_percpu+0x20/0x54
        handle_irq_event+0x50/0x88
        handle_fasteoi_irq+0xa4/0xcc
        handle_irq_desc+0x28/0x40
        generic_handle_domain_irq+0x24/0x30
        gic_handle_irq+0xc4/0x148
        do_interrupt_handler+0xa4/0xb0
        el1_interrupt+0x34/0x64
        el1h_64_irq_handler+0x18/0x24
        el1h_64_irq+0x64/0x68
        arch_local_irq_enable+0x4/0x8
        __do_softirq+0x18/0x24
        ...

 -> #1 (&port_lock_key){-.-.}-{2:2}:
        _raw_spin_lock_irqsave+0x60/0x80
        qcom_geni_serial_console_write+0x184/0x1dc
        console_flush_all+0x344/0x454
        console_unlock+0x94/0xf0
        vprintk_emit+0x238/0x24c
        vprintk_default+0x3c/0x48
        vprintk+0xb4/0xbc
        _printk+0x68/0x90
        register_console+0x230/0x38c
        uart_add_one_port+0x338/0x494
        qcom_geni_serial_probe+0x390/0x424
        platform_probe+0x70/0xc0
        really_probe+0x148/0x280
        __driver_probe_device+0xfc/0x114
        driver_probe_device+0x44/0x100
        __device_attach_driver+0x64/0xdc
        bus_for_each_drv+0xb0/0xd8
        __device_attach+0xe4/0x140
        device_initial_probe+0x1c/0x28
        bus_probe_device+0x44/0xb0
        device_add+0x538/0x668
        of_device_add+0x44/0x50
        of_platform_device_create_pdata+0x94/0xc8
        of_platform_bus_create+0x270/0x304
        of_platform_populate+0xac/0xc4
        devm_of_platform_populate+0x60/0xac
        geni_se_probe+0x154/0x160
        platform_probe+0x70/0xc0
        ...

 -> #0 (console_owner){-...}-{0:0}:
        __lock_acquire+0xdf8/0x109c
        lock_acquire+0x234/0x284
        console_flush_all+0x330/0x454
        console_unlock+0x94/0xf0
        vprintk_emit+0x238/0x24c
        vprintk_default+0x3c/0x48
        vprintk+0xb4/0xbc
        _printk+0x68/0x90
        dma_entry_alloc+0xb4/0x110
        debug_dma_map_sg+0xdc/0x2f8
        __dma_map_sg_attrs+0xac/0xe4
        dma_map_sgtable+0x30/0x4c
        get_pages+0x1d4/0x1e4 [msm]
        msm_gem_pin_pages_locked+0x38/0xac [msm]
        msm_gem_pin_vma_locked+0x58/0x88 [msm]
        msm_ioctl_gem_submit+0xde4/0x13ac [msm]
        drm_ioctl_kernel+0xe0/0x15c
        drm_ioctl+0x2e8/0x3f4
        vfs_ioctl+0x30/0x50
        ...

 Chain exists of:
   console_owner --> &port_lock_key --> free_entries_lock

 Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(free_entries_lock);
                                lock(&port_lock_key);
                                lock(free_entries_lock);
   lock(console_owner);

                 *** DEADLOCK ***

 Call trace:
  dump_backtrace+0xb4/0xf0
  show_stack+0x20/0x30
  dump_stack_lvl+0x60/0x84
  dump_stack+0x18/0x24
  print_circular_bug+0x1cc/0x234
  check_noncircular+0x78/0xac
  __lock_acquire+0xdf8/0x109c
  lock_acquire+0x234/0x284
  console_flush_all+0x330/0x454
  consol
---truncated---
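
The shape of the fix described above, as an added user-space model; it is not the kernel patch or any kernel code. All function and variable names are hypothetical, with POOL_LOCK standing in for free_entries_lock and CONSOLE_LOCK for the serial console's port->lock. The "before" path takes the console lock inside the pool-lock critical section, the "after" path snapshots the decision under the lock and reports only once it is released.

```c
/* User-space model of the locking fix; every name here is hypothetical. */
#include <stdbool.h>
#include <stdio.h>
enum { POOL_LOCK = 1, CONSOLE_LOCK = 2 }; /* free_entries_lock, port->lock */
static unsigned held;          /* locks held by the current context */
static unsigned nested_hits;   /* console lock taken under the pool lock */
static unsigned free_entries = 1, total_entries = 1;
static void model_lock(unsigned l)
{
    if (l == CONSOLE_LOCK && (held & POOL_LOCK))
        nested_hits++;         /* the ordering lockdep flags */
    held |= l;
}
static void model_unlock(unsigned l) { held &= ~l; }
/* Stand-in for printk reaching the serial console driver. */
static void report_leak(unsigned total)
{
    model_lock(CONSOLE_LOCK);
    fprintf(stderr, "model: pool grown to %u entries\n", total);
    model_unlock(CONSOLE_LOCK);
}

/* Caller holds POOL_LOCK. Returns true if the pool had to grow. */
static bool take_entry_locked(void)
{
    bool grew = (free_entries == 0);
    if (grew) { free_entries += 4; total_entries += 4; }
    free_entries--;
    return grew;
}

/* Before: the report runs inside the pool-lock critical section. */
static void entry_alloc_before(void)
{
    model_lock(POOL_LOCK);
    if (take_entry_locked())
        report_leak(total_entries);
    model_unlock(POOL_LOCK);
}

/* After: record the decision under the lock, report once it is dropped. */
static void entry_alloc_after(void)
{
    model_lock(POOL_LOCK);
    bool grew = take_entry_locked();
    unsigned total = total_entries;  /* snapshot while protected */
    model_unlock(POOL_LOCK);
    if (grew) report_leak(total);
}
```
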