DEBIAN-CVE-2025-68202

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix unsafe locking in the scxdumpstate() For built with CONFIGPREEMPTRT=y kernels, the dumplock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur: inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. irqwork/0/27 [HC0[0]:SC0[0]:HE1:SE1] takes: (&rq->lock){?...}-{2:2}, at: rawspinrqlocknested+0x2b/0x40 {IN-HARDIRQ-W} state was registered at: lockacquire+0x1e1/0x510 rawspinlocknested+0x42/0x80 rawspinrqlocknested+0x2b/0x40 schedtick+0xae/0x7b0 updateprocesstimes+0x14c/0x1b0 tickperiodic+0x62/0x1f0 tickhandleperiodic+0x48/0xf0 timerinterrupt+0x55/0x80 _handleirqeventpercpu+0x20a/0x5c0 handleirqeventpercpu+0x18/0xc0 handleirqevent+0xb5/0x150 handlelevelirq+0x220/0x460 _commoninterrupt+0xa2/0x1e0 commoninterrupt+0xb0/0xd0 asmcommoninterrupt+0x2b/0x40 _rawspinunlockirqrestore+0x45/0x80 _setupirq+0xc34/0x1a30 requestthreadedirq+0x214/0x2f0 hpettimeinit+0x3e/0x60 x86latetimeinit+0x5b/0xb0 startkernel+0x308/0x410 x8664startreservations+0x1c/0x30 x8664startkernel+0x96/0xa0 commonstartup64+0x13e/0x148 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&rq->lock); <Interrupt> lock(&rq->lock); * DEADLOCK * stack backtrace: CPU: 0 UID: 0 PID: 27 Comm: irqwork/0 Call Trace: <TASK> dumpstacklvl+0x8c/0xd0 dumpstack+0x14/0x20 printusagebug+0x42e/0x690 marklock.part.44+0x867/0xa70 ? _pfxmarklock.part.44+0x10/0x10 ? stringnocheck+0x19c/0x310 ? number+0x739/0x9f0 ? _pfxstringnocheck+0x10/0x10 ? _pfxcheckpointer+0x10/0x10 ? kvmschedclockread+0x15/0x30 ? schedclocknoinstr+0xd/0x20 ? localclocknoinstr+0x1c/0xe0 _lockacquire+0xc4b/0x62b0 ? _pfxformatdecode+0x10/0x10 ? _pfxstring+0x10/0x10 ? _pfxlockacquire+0x10/0x10 ? _pfxvsnprintf+0x10/0x10 lockacquire+0x1e1/0x510 ? rawspinrqlocknested+0x2b/0x40 ? _pfxlockacquire+0x10/0x10 ? dumpline+0x12e/0x270 ? rawspinrqlocknested+0x20/0x40 _rawspinlocknested+0x42/0x80 ? rawspinrqlocknested+0x2b/0x40 rawspinrqlocknested+0x2b/0x40 scxdumpstate+0x3b3/0x1270 ? finishtaskswitch+0x27e/0x840 scxopserrorirqworkfn+0x67/0x80 irqworksingle+0x113/0x260 irqworkrunlist.part.3+0x44/0x70 runirqworkd+0x6b/0x90 ? _pfxrunirqworkd+0x10/0x10 smpbootthreadfn+0x529/0x870 ? _pfxsmpbootthreadfn+0x10/0x10 kthread+0x305/0x3f0 ? _pfxkthread+0x10/0x10 retfromfork+0x40/0x70 ? _pfxkthread+0x10/0x10 retfromforkasm+0x1a/0x30 </TASK> This commit therefore use rqlockirqsave/irqrestore() to replace rqlock/unlock() in the scxdump_state().