ghsa-3vq2-wj5j-j897
Vulnerability from github
Published
2025-02-27 21:32
Modified
2025-02-27 21:32
Details

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Fix warnings during S3 suspend

The enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(), and the later one may call the preempt_schedule_common() function, resulting in a thread switch and causing the CPU to be in an interrupt enabled state after the enable_gpe_wakeup() function returns, leading to the warnings as follow.

[ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8 [ C0] ... [ C0] Call Trace: [ C0] [<90000000002243b4>] show_stack+0x64/0x188 [ C0] [<900000000164673c>] dump_stack_lvl+0x60/0x88 [ C0] [<90000000002687e4>] __warn+0x8c/0x148 [ C0] [<90000000015e9978>] report_bug+0x1c0/0x2b0 [ C0] [<90000000016478e4>] do_bp+0x204/0x3b8 [ C0] [<90000000025b1924>] exception_handlers+0x1924/0x10000 [ C0] [<9000000000343bbc>] ktime_get+0xbc/0xc8 [ C0] [<9000000000354c08>] tick_sched_timer+0x30/0xb0 [ C0] [<90000000003408e0>] __hrtimer_run_queues+0x160/0x378 [ C0] [<9000000000341f14>] hrtimer_interrupt+0x144/0x388 [ C0] [<9000000000228348>] constant_timer_interrupt+0x38/0x48 [ C0] [<90000000002feba4>] __handle_irq_event_percpu+0x64/0x1e8 [ C0] [<90000000002fed48>] handle_irq_event_percpu+0x20/0x80 [ C0] [<9000000000306b9c>] handle_percpu_irq+0x5c/0x98 [ C0] [<90000000002fd4a0>] generic_handle_domain_irq+0x30/0x48 [ C0] [<9000000000d0c7b0>] handle_cpu_irq+0x70/0xa8 [ C0] [<9000000001646b30>] handle_loongarch_irq+0x30/0x48 [ C0] [<9000000001646bc8>] do_vint+0x80/0xe0 [ C0] [<90000000002aea1c>] finish_task_switch.isra.0+0x8c/0x2a8 [ C0] [<900000000164e34c>] __schedule+0x314/0xa48 [ C0] [<900000000164ead8>] schedule+0x58/0xf0 [ C0] [<9000000000294a2c>] worker_thread+0x224/0x498 [ C0] [<900000000029d2f0>] kthread+0xf8/0x108 [ C0] [<9000000000221f28>] ret_from_kernel_thread+0xc/0xa4 [ C0] [ C0] ---[ end trace 0000000000000000 ]---

The root cause is acpi_enable_all_wakeup_gpes() uses a mutex to protect acpi_hw_enable_all_wakeup_gpes(), and acpi_ut_acquire_mutex() may cause a thread switch. Since there is no longer concurrent execution during loongarch_acpi_suspend(), we can call acpi_hw_enable_all_wakeup_gpes() directly in enable_gpe_wakeup().

The solution is similar to commit 22db06337f590d01 ("ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()").

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-21803"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T20:16:02Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Fix warnings during S3 suspend\n\nThe enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(),\nand the later one may call the preempt_schedule_common() function,\nresulting in a thread switch and causing the CPU to be in an interrupt\nenabled state after the enable_gpe_wakeup() function returns, leading\nto the warnings as follow.\n\n[ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8\n[ C0]          ...\n[ C0] Call Trace:\n[ C0] [\u003c90000000002243b4\u003e] show_stack+0x64/0x188\n[ C0] [\u003c900000000164673c\u003e] dump_stack_lvl+0x60/0x88\n[ C0] [\u003c90000000002687e4\u003e] __warn+0x8c/0x148\n[ C0] [\u003c90000000015e9978\u003e] report_bug+0x1c0/0x2b0\n[ C0] [\u003c90000000016478e4\u003e] do_bp+0x204/0x3b8\n[ C0] [\u003c90000000025b1924\u003e] exception_handlers+0x1924/0x10000\n[ C0] [\u003c9000000000343bbc\u003e] ktime_get+0xbc/0xc8\n[ C0] [\u003c9000000000354c08\u003e] tick_sched_timer+0x30/0xb0\n[ C0] [\u003c90000000003408e0\u003e] __hrtimer_run_queues+0x160/0x378\n[ C0] [\u003c9000000000341f14\u003e] hrtimer_interrupt+0x144/0x388\n[ C0] [\u003c9000000000228348\u003e] constant_timer_interrupt+0x38/0x48\n[ C0] [\u003c90000000002feba4\u003e] __handle_irq_event_percpu+0x64/0x1e8\n[ C0] [\u003c90000000002fed48\u003e] handle_irq_event_percpu+0x20/0x80\n[ C0] [\u003c9000000000306b9c\u003e] handle_percpu_irq+0x5c/0x98\n[ C0] [\u003c90000000002fd4a0\u003e] generic_handle_domain_irq+0x30/0x48\n[ C0] [\u003c9000000000d0c7b0\u003e] handle_cpu_irq+0x70/0xa8\n[ C0] [\u003c9000000001646b30\u003e] handle_loongarch_irq+0x30/0x48\n[ C0] [\u003c9000000001646bc8\u003e] do_vint+0x80/0xe0\n[ C0] [\u003c90000000002aea1c\u003e] finish_task_switch.isra.0+0x8c/0x2a8\n[ C0] [\u003c900000000164e34c\u003e] __schedule+0x314/0xa48\n[ C0] [\u003c900000000164ead8\u003e] schedule+0x58/0xf0\n[ C0] [\u003c9000000000294a2c\u003e] worker_thread+0x224/0x498\n[ C0] [\u003c900000000029d2f0\u003e] kthread+0xf8/0x108\n[ C0] [\u003c9000000000221f28\u003e] ret_from_kernel_thread+0xc/0xa4\n[ C0]\n[ C0] ---[ end trace 0000000000000000 ]---\n\nThe root cause is acpi_enable_all_wakeup_gpes() uses a mutex to protect\nacpi_hw_enable_all_wakeup_gpes(), and acpi_ut_acquire_mutex() may cause\na thread switch. Since there is no longer concurrent execution during\nloongarch_acpi_suspend(), we can call acpi_hw_enable_all_wakeup_gpes()\ndirectly in enable_gpe_wakeup().\n\nThe solution is similar to commit 22db06337f590d01 (\"ACPI: sleep: Avoid\nbreaking S3 wakeup due to might_sleep()\").",
  "id": "GHSA-3vq2-wj5j-j897",
  "modified": "2025-02-27T21:32:16Z",
  "published": "2025-02-27T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21803"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/194d26a5a43c26dc98a9b4e2c1d521dcb84dd1bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26c0a2d93af55d30a46d5f45d3e9c42cde730168"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8682a71a7f6de7c683f31b4334b04e19685a05f9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d49ab6857d98266010f3446c9c2063014db5b654"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.