Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT snd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts via spin_lock_irq(). This also implicitly disables the handling of softirqs such as TIMER_SOFTIRQ. On PREEMPT_RT softirqs are preemptible and spin_lock_irq() does not disable them. That means a timer can be invoked during spin_lock_irq() on the same CPU. Due to synchronisations reasons local_bh_disable() has a per-CPU lock named softirq_ctrl.lock which synchronizes individual softirq against each other. syz-bot managed to trigger a lockdep report where softirq_ctrl.lock is acquired in hrtimer_cancel() in addition to hrtimer_run_softirq(). This is a possible deadlock. The softirq_ctrl.lock can not be made part of spin_lock_irq() as this would lead to too much synchronisation against individual threads on the system. To avoid the possible deadlock, softirqs must be manually disabled before the lock is acquired. Disable softirqs before the lock is acquired on PREEMPT_RT.
Product status
d2d6422f8bd17c6bb205133e290625a564194496 (git) before 63ee96c7f47df239ee0a6e8108b6bfd8c98334ae
d2d6422f8bd17c6bb205133e290625a564194496 (git) before 3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a
d2d6422f8bd17c6bb205133e290625a564194496 (git) before 9fc4a3da9a0259a0500848b5d8657918efde176b
6.12
Any version before 6.12
6.12.53 (semver)
6.17.3 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/63ee96c7f47df239ee0a6e8108b6bfd8c98334ae
git.kernel.org/...c/3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a
git.kernel.org/...c/9fc4a3da9a0259a0500848b5d8657918efde176b
