Description
In the Linux kernel, the following vulnerability has been resolved: cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex syzbot is reporting circular locking dependency between cpu_hotplug_lock and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") replaced atomic_inc() in freezer_apply_state() with static_branch_inc() which holds cpu_hotplug_lock. cpu_hotplug_lock => cgroup_threadgroup_rwsem => freezer_mutex cgroup_file_write() { cgroup_procs_write() { __cgroup_procs_write() { cgroup_procs_write_start() { cgroup_attach_lock() { cpus_read_lock() { percpu_down_read(&cpu_hotplug_lock); } percpu_down_write(&cgroup_threadgroup_rwsem); } } cgroup_attach_task() { cgroup_migrate() { cgroup_migrate_execute() { freezer_attach() { mutex_lock(&freezer_mutex); (...snipped...) } } } } (...snipped...) } } } freezer_mutex => cpu_hotplug_lock cgroup_file_write() { freezer_write() { freezer_change_state() { mutex_lock(&freezer_mutex); freezer_apply_state() { static_branch_inc(&freezer_active) { static_key_slow_inc() { cpus_read_lock(); static_key_slow_inc_cpuslocked(); cpus_read_unlock(); } } } mutex_unlock(&freezer_mutex); } } } Swap locking order by moving cpus_read_lock() in freezer_apply_state() to before mutex_lock(&freezer_mutex) in freezer_change_state().
Product status
f5d39b020809146cc28e6e73369bf8065e0310aa before 3756171b97c307d9df8b8ded1d883eec30172085
f5d39b020809146cc28e6e73369bf8065e0310aa before 34fbb7b45bae20b551dda24337c7761ca13ce69d
f5d39b020809146cc28e6e73369bf8065e0310aa before 57dcd64c7e036299ef526b400a8d12b8a2352f26
6.1
Any version before 6.1
6.1.25
6.2.12
6.3
References
git.kernel.org/...c/3756171b97c307d9df8b8ded1d883eec30172085
git.kernel.org/...c/34fbb7b45bae20b551dda24337c7761ca13ce69d
git.kernel.org/...c/57dcd64c7e036299ef526b400a8d12b8a2352f26
