Bug 2315219 (CVE-2024-46867)

Summary: CVE-2024-46867 kernel: drm/xe/client: fix deadlock in show_meminfo()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dfreiber, drow, jburrell, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2315236    
Bug Blocks:    

Description OSIDB Bzimport 2024-09-27 13:23:36 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/client: fix deadlock in show_meminfo()

There is a real deadlock as well as sleeping in atomic() bug in here, if
the bo put happens to be the last ref, since bo destruction wants to
grab the same spinlock and sleeping locks.  Fix that by dropping the ref
using xe_bo_put_deferred(), and moving the final commit outside of the
lock. Dropping the lock around the put is tricky since the bo can go
out of scope and delete itself from the list, making it difficult to
navigate to the next list entry.

(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)
Comment 1 Robb Gatica 2024-09-27 14:23:09 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T