Description
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then rproc_vq_interrupt() accessing these resources will cause kennel dump. Call trace: virtqueue_add_split+0x1ac/0x560 virtqueue_add_inbuf+0x4c/0x60 rpmsg_recv_done+0x15c/0x294 vring_interrupt+0x6c/0xa4 rproc_vq_interrupt+0x30/0x50 imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc] process_one_work+0x1d0/0x354 worker_thread+0x13c/0x470 kthread+0x154/0x160 ret_from_fork+0x10/0x20 Add mutex protection in imx_dsp_rproc_vq_work(), if the state is not running, then just skip calling rproc_vq_interrupt(). Also the flush workqueue operation can't be added in rproc stop for the same reason. The call sequence is rproc_shutdown -> rproc_stop ->rproc_stop_subdevices ->rproc->ops->stop() ->imx_dsp_rproc_stop ->flush_work -> rproc_vq_interrupt The resource needed by rproc_vq_interrupt has been released in rproc_stop_subdevices, so flush_work is not safe to be called in imx_dsp_rproc_stop.
Product status
ec0e5549f3586d2cb99a05edd006d722ebad912c before 4a3e1fa7a77838617bdbcd95127ce93a959fad44
ec0e5549f3586d2cb99a05edd006d722ebad912c before b9693304b7133b81741add5bfb56f022596df012
ec0e5549f3586d2cb99a05edd006d722ebad912c before 47e6ab07018edebf94ce873cf50a05ec76ff2dde
5.16
Any version before 5.16
6.0.18
6.1.4
6.2
References
git.kernel.org/...c/4a3e1fa7a77838617bdbcd95127ce93a959fad44
git.kernel.org/...c/b9693304b7133b81741add5bfb56f022596df012
git.kernel.org/...c/47e6ab07018edebf94ce873cf50a05ec76ff2dde
