ghsa-6246-6gx2-c2hw
Vulnerability from github
Published
2024-04-02 09:30
Modified
2024-04-02 09:30
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix lock dependency warning with srcu

====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 Not tainted

kworker/0:2/996 is trying to acquire lock: (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0

but task is already holding lock: ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at: process_one_work+0x211/0x560

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}: __flush_work+0x88/0x4f0 svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu] svm_range_set_attr+0xd6/0x14c0 [amdgpu] kfd_ioctl+0x1d1/0x630 [amdgpu] __x64_sys_ioctl+0x88/0xc0

-> #2 (&info->lock#2){+.+.}-{3:3}: __mutex_lock+0x99/0xc70 amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu] restore_process_helper+0x22/0x80 [amdgpu] restore_process_worker+0x2d/0xa0 [amdgpu] process_one_work+0x29b/0x560 worker_thread+0x3d/0x3d0

-> #1 ((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}: __flush_work+0x88/0x4f0 __cancel_work_timer+0x12c/0x1c0 kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu] __mmu_notifier_release+0xad/0x240 exit_mmap+0x6a/0x3a0 mmput+0x6a/0x120 do_exit+0x322/0xb90 do_group_exit+0x37/0xa0 __x64_sys_exit_group+0x18/0x20 do_syscall_64+0x38/0x80

-> #0 (srcu){.+.+}-{0:0}: __lock_acquire+0x1521/0x2510 lock_sync+0x5f/0x90 __synchronize_srcu+0x4f/0x1a0 __mmu_notifier_release+0x128/0x240 exit_mmap+0x6a/0x3a0 mmput+0x6a/0x120 svm_range_deferred_list_work+0x19f/0x350 [amdgpu] process_one_work+0x29b/0x560 worker_thread+0x3d/0x3d0

other info that might help us debug this: Chain exists of: srcu --> &info->lock#2 --> (work_completion)(&svms->deferred_list_work)

Possible unsafe locking scenario:

    CPU0                    CPU1
    ----                    ----
    lock((work_completion)(&svms->deferred_list_work));
                    lock(&info->lock#2);
        lock((work_completion)(&svms->deferred_list_work));
    sync(srcu);
Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-52632"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-02T07:15:41Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix lock dependency warning with srcu\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.5.0-kfd-yangp #2289 Not tainted\n------------------------------------------------------\nkworker/0:2/996 is trying to acquire lock:\n        (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0\n\nbut task is already holding lock:\n        ((work_completion)(\u0026svms-\u003edeferred_list_work)){+.+.}-{0:0}, at:\n\tprocess_one_work+0x211/0x560\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #3 ((work_completion)(\u0026svms-\u003edeferred_list_work)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu]\n        svm_range_set_attr+0xd6/0x14c0 [amdgpu]\n        kfd_ioctl+0x1d1/0x630 [amdgpu]\n        __x64_sys_ioctl+0x88/0xc0\n\n-\u003e #2 (\u0026info-\u003elock#2){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc70\n        amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]\n        restore_process_helper+0x22/0x80 [amdgpu]\n        restore_process_worker+0x2d/0xa0 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\n-\u003e #1 ((work_completion)(\u0026(\u0026process-\u003erestore_work)-\u003ework)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        __cancel_work_timer+0x12c/0x1c0\n        kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]\n        __mmu_notifier_release+0xad/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        do_exit+0x322/0xb90\n        do_group_exit+0x37/0xa0\n        __x64_sys_exit_group+0x18/0x20\n        do_syscall_64+0x38/0x80\n\n-\u003e #0 (srcu){.+.+}-{0:0}:\n        __lock_acquire+0x1521/0x2510\n        lock_sync+0x5f/0x90\n        __synchronize_srcu+0x4f/0x1a0\n        __mmu_notifier_release+0x128/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        svm_range_deferred_list_work+0x19f/0x350 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\nother info that might help us debug this:\nChain exists of:\n  srcu --\u003e \u0026info-\u003elock#2 --\u003e (work_completion)(\u0026svms-\u003edeferred_list_work)\n\nPossible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n        lock((work_completion)(\u0026svms-\u003edeferred_list_work));\n                        lock(\u0026info-\u003elock#2);\n\t\t\tlock((work_completion)(\u0026svms-\u003edeferred_list_work));\n        sync(srcu);",
  "id": "GHSA-6246-6gx2-c2hw",
  "modified": "2024-04-02T09:30:40Z",
  "published": "2024-04-02T09:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52632"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1556c242e64cdffe58736aa650b0b395854fe4d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a9de42e8d3c82c6990d226198602be44f43f340"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/752312f6a79440086ac0f9b08d7776870037323c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b602f098f716723fa5c6c96a486e0afba83b7b94"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.