Linux Kernel Backlight Control Vulnerability in HID Appletb Keyboard Driver

A vulnerability has been identified in the Linux kernel's HID appletb keyboard driver, specifically in the backlight control feature. The issue arises because the driver improperly handles brightness adjustments from two different atomic contexts, leading to a mutex lock error. This problem occurs when the inactivity timer expires, as well as during normal input event processing on USB hardware. The incorrect context handling triggers a kernel warning about sleeping functions being called from an invalid context, which can disrupt the normal operation of the driver and potentially lead to undefined behavior.

Impact

The vulnerability causes a mutex lock error, where a sleeping function is called from an atomic context, violating the kernel's concurrency rules. This can lead to unexpected behavior in the driver, such as improper handling of input events or backlight control.

Reproduction

The vulnerability can be reproduced by using a device with the affected HID appletb keyboard driver. The issue occurs when the driver's inactivity timer expires, which triggers a backlight adjustment from a softirq context. This can be simulated by allowing the device to remain inactive for a period longer than the driver's idle timeout, causing the timer to expire and attempt to restore the backlight brightness from an invalid context.

Remediation

The vulnerability has been addressed by modifying the driver to use workqueues for the backlight control tasks, ensuring that the brightness adjustments are made from a proper process context. This fix is available in the Linux kernel stable tree.