Description
In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled: [ 1362.049207] [] led_trigger_register+0x5c/0x1fc <-- Trying to get lock "triggers_list_lock" via down_write(&triggers_list_lock); [ 1362.054536] [] phy_led_triggers_register+0xd0/0x234 [ 1362.060329] [] phy_attach_direct+0x33c/0x40c [ 1362.065489] [] phylink_fwnode_phy_connect+0x15c/0x23c [ 1362.071480] [] mtk_open+0x7c/0xba0 [ 1362.075849] [] __dev_open+0x280/0x2b0 [ 1362.080384] [] __dev_change_flags+0x244/0x24c [ 1362.085598] [] dev_change_flags+0x28/0x78 [ 1362.090528] [] dev_ioctl+0x4c0/0x654 <-- Hold lock "rtnl_mutex" by calling rtnl_lock(); [ 1362.094985] [] sock_ioctl+0x2f4/0x4e0 [ 1362.099567] [] sys_ioctl+0x32c/0xd8c [ 1362.104022] [] syscall_common+0x34/0x58 Here LED_TRIGGER_PHY is registering LED triggers during phy_attach while holding RTNL and then taking triggers_list_lock. [ 1362.191101] [] register_netdevice_notifier+0x60/0x168 <-- Trying to get lock "rtnl_mutex" via rtnl_lock(); [ 1362.197073] [] netdev_trig_activate+0x194/0x1e4 [ 1362.202490] [] led_trigger_set+0x1d4/0x360 <-- Hold lock "triggers_list_lock" by down_read(&triggers_list_lock); [ 1362.207511] [] led_trigger_write+0xd8/0x14c [ 1362.212566] [] sysfs_kf_bin_write+0x80/0xbc [ 1362.217688] [] kernfs_fop_write_iter+0x17c/0x28c [ 1362.223174] [] vfs_write+0x21c/0x3c4 [ 1362.227712] [] ksys_write+0x78/0x12c [ 1362.232164] [] syscall_common+0x34/0x58 Here LEDS_TRIGGER_NETDEV is being enabled on an LED. It first takes triggers_list_lock and then RTNL. A classical AB-BA deadlock. phy_led_triggers_registers() does not require the RTNL, it does not make any calls into the network stack which require protection. There is also no requirement the PHY has been attached to a MAC, the triggers only make use of phydev state. This allows the call to phy_led_triggers_registers() to be placed elsewhere. PHY probe() and release() don't hold RTNL, so solving the AB-BA deadlock.
Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| kernel | 6.19.0 | 6.19.7 |
| linux-kernel | — | — |
References
Similar Threats
- Unknown ALSA-2023:2458
- Unknown ALSA-2023:1703
- Unknown ALSA-2023:1566
- Unknown ALSA-2023:1470
- Unknown ALSA-2023:0951
Patch Gap Protection
Running software with known vulnerabilities?
BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.
Start Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.