From patchwork Tue Jun 25 17:46:06 2024
X-Patchwork-Submitter: Bethany Jamison
X-Patchwork-Id: 1952197
From: Bethany Jamison
To: kernel-team@lists.ubuntu.com
Subject: [SRU][N][PATCH 0/1] CVE-2024-35997
Date: Tue, 25 Jun 2024 12:46:06 -0500
Message-Id: <20240625174607.13821-1-bethany.jamison@canonical.com>

[Impact]

HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up

The flag I2C_HID_READ_PENDING is used to serialize I2C operations.
However, this is not necessary, because I2C core already has its own
locking for that.

More importantly, this flag can cause a lock-up: if the flag is set in
i2c_hid_xfer() and an interrupt happens, the interrupt handler
(i2c_hid_irq) will check this flag and return immediately without doing
anything, then the interrupt handler will be invoked again in an
infinite loop.

Since interrupt handler is an RT task, it takes over the CPU and the
flag-clearing task never gets scheduled, thus we have a lock-up.

Delete this unnecessary flag.

[Fix]

Noble:  Clean cherry-pick from linux-6.8.y
Jammy:  pending
Focal:  pending
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: not going to be fixed by us

[Test Case]

Compile and boot tested.

[Where problems could occur]

This fix affects those who use the HID over I2C protocol implementation,
an issue with this fix would be visible to the user via a system freeze
or crash.

Nam Cao (1):
  HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up

 drivers/hid/i2c-hid/i2c-hid-core.c | 9 ---------
 1 file changed, 9 deletions(-)

Acked-by: Thibault Ferrante
Acked-by: Manuel Diewald
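
The lock-up described under [Impact], as an added model that is not part of the original mail and is not the driver's code: one CPU on which a handler standing in for i2c_hid_irq always preempts a task standing in for i2c_hid_xfer. The `simulate` function, the tick counts and the assumption that the interrupt stays asserted until the device is read are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed single-CPU model of the lock-up; not the driver's code. */
struct model {
    bool use_flag;      /* true = pre-fix handler that honours the flag */
    bool read_pending;  /* stands in for I2C_HID_READ_PENDING */
    bool irq_asserted;  /* assumption: stays asserted until device is read */
    int  xfer_left;     /* ticks of work left in the i2c_hid_xfer() model */
    long irq_calls;     /* how often the handler model was entered */
};

/* Models i2c_hid_irq(): bails out early while the flag is set. */
static void irq_handler(struct model *m)
{
    m->irq_calls++;
    if (m->use_flag && m->read_pending)
        return;                  /* early return, IRQ source untouched */
    m->irq_asserted = false;     /* reading the report drops the line */
}

/* Returns the tick at which the transfer finished, or -1 if it starved. */
long simulate(bool use_flag, long budget, long *irq_calls)
{
    struct model m = { .use_flag = use_flag, .read_pending = true, .xfer_left = 3 };
    long done = -1;
    for (long tick = 0; tick < budget && done < 0; tick++) {
        if (tick == 1)
            m.irq_asserted = true;   /* device interrupts mid-transfer */
        if (m.irq_asserted) {        /* RT handler always wins the CPU */
            irq_handler(&m);
            continue;
        }
        if (--m.xfer_left == 0) {    /* normal-priority task runs */
            m.read_pending = false;  /* flag cleared when xfer ends */
            done = tick + 1;
        }
    }
    *irq_calls = m.irq_calls;
    return done;
}

int main(void)
{
    long c1, c2, t1 = simulate(true, 1000, &c1), t2 = simulate(false, 1000, &c2);
    printf("with flag: done=%ld irq_calls=%ld\n", t1, c1);
    printf("without:   done=%ld irq_calls=%ld\n", t2, c2);
    return 0;
}
```

With the flag honoured, the handler consumes every remaining tick of the budget and the transfer never completes; with the flag check gone, one handler invocation services the device and the transfer finishes.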