In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix lock dependency warning with srcu
====================================================== WARNING: possible circular locking dependency detected
kworker/0:2/996 is trying to acquire lock: (srcu){.+.+}-{0:0}, at: _synchronizesrcu+0x5/0x1a0
but task is already holding lock: ((workcompletion)(&svms->deferredlistwork)){+.+.}-{0:0}, at: processone_work+0x211/0x560
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 ((workcompletion)(&svms->deferredlistwork)){+.+.}-{0:0}: _flushwork+0x88/0x4f0 svmrangelistlockandflushwork+0x3d/0x110 [amdgpu] svmrangesetattr+0xd6/0x14c0 [amdgpu] kfdioctl+0x1d1/0x630 [amdgpu] _x64sysioctl+0x88/0xc0
-> #2 (&info->lock#2){+.+.}-{3:3}: _mutexlock+0x99/0xc70 amdgpuamdkfdgpuvmrestoreprocessbos+0x54/0x740 [amdgpu] restoreprocesshelper+0x22/0x80 [amdgpu] restoreprocessworker+0x2d/0xa0 [amdgpu] processonework+0x29b/0x560 workerthread+0x3d/0x3d0
-> #1 ((workcompletion)(&(&process->restorework)->work)){+.+.}-{0:0}: _flushwork+0x88/0x4f0 _cancelworktimer+0x12c/0x1c0 kfdprocessnotifierreleaseinternal+0x37/0x1f0 [amdgpu] _mmunotifierrelease+0xad/0x240 exitmmap+0x6a/0x3a0 mmput+0x6a/0x120 doexit+0x322/0xb90 dogroupexit+0x37/0xa0 _x64sysexitgroup+0x18/0x20 dosyscall64+0x38/0x80
-> #0 (srcu){.+.+}-{0:0}: _lockacquire+0x1521/0x2510 locksync+0x5f/0x90 _synchronizesrcu+0x4f/0x1a0 _mmunotifierrelease+0x128/0x240 exitmmap+0x6a/0x3a0 mmput+0x6a/0x120 svmrangedeferredlistwork+0x19f/0x350 [amdgpu] processonework+0x29b/0x560 workerthread+0x3d/0x3d0
other info that might help us debug this: Chain exists of: srcu --> &info->lock#2 --> (workcompletion)(&svms->deferredlist_work)
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock((work_completion)(&svms->deferred_list_work));
lock(&info->lock#2);
lock((work_completion)(&svms->deferred_list_work));
sync(srcu);
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/gpu/drm/amd/amdkfd/kfd_svm.c" }, "deprecated": false, "digest": { "line_hashes": [ "211455503737826513412449554691239083888", "179211897520838957856493507874321556996", "67939483464174749937727572722946972781", "308049407439769434170848062038354919695" ], "threshold": 0.9 }, "id": "CVE-2023-52632-2e0ee8ce", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b602f098f716723fa5c6c96a486e0afba83b7b94" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/gpu/drm/amd/amdkfd/kfd_svm.c" }, "deprecated": false, "digest": { "line_hashes": [ "211455503737826513412449554691239083888", "179211897520838957856493507874321556996", "67939483464174749937727572722946972781", "308049407439769434170848062038354919695" ], "threshold": 0.9 }, "id": "CVE-2023-52632-472213a4", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@752312f6a79440086ac0f9b08d7776870037323c" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/gpu/drm/amd/amdkfd/kfd_svm.c" }, "deprecated": false, "digest": { "line_hashes": [ "211455503737826513412449554691239083888", "179211897520838957856493507874321556996", "67939483464174749937727572722946972781", "308049407439769434170848062038354919695" ], "threshold": 0.9 }, "id": "CVE-2023-52632-89e8b512", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1556c242e64cdffe58736aa650b0b395854fe4d4" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/gpu/drm/amd/amdkfd/kfd_svm.c" }, "deprecated": false, "digest": { "line_hashes": [ "211455503737826513412449554691239083888", "179211897520838957856493507874321556996", "67939483464174749937727572722946972781", "308049407439769434170848062038354919695" ], "threshold": 0.9 }, "id": "CVE-2023-52632-b91cf6b3", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a9de42e8d3c82c6990d226198602be44f43f340" } ] }