In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix lock dependency warning with srcu
====================================================== WARNING: possible circular locking dependency detected
kworker/0:2/996 is trying to acquire lock: (srcu){.+.+}-{0:0}, at: _synchronizesrcu+0x5/0x1a0
but task is already holding lock: ((workcompletion)(&svms->deferredlistwork)){+.+.}-{0:0}, at: processone_work+0x211/0x560
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 ((workcompletion)(&svms->deferredlistwork)){+.+.}-{0:0}: _flushwork+0x88/0x4f0 svmrangelistlockandflushwork+0x3d/0x110 [amdgpu] svmrangesetattr+0xd6/0x14c0 [amdgpu] kfdioctl+0x1d1/0x630 [amdgpu] _x64sysioctl+0x88/0xc0
-> #2 (&info->lock#2){+.+.}-{3:3}: _mutexlock+0x99/0xc70 amdgpuamdkfdgpuvmrestoreprocessbos+0x54/0x740 [amdgpu] restoreprocesshelper+0x22/0x80 [amdgpu] restoreprocessworker+0x2d/0xa0 [amdgpu] processonework+0x29b/0x560 workerthread+0x3d/0x3d0
-> #1 ((workcompletion)(&(&process->restorework)->work)){+.+.}-{0:0}: _flushwork+0x88/0x4f0 _cancelworktimer+0x12c/0x1c0 kfdprocessnotifierreleaseinternal+0x37/0x1f0 [amdgpu] _mmunotifierrelease+0xad/0x240 exitmmap+0x6a/0x3a0 mmput+0x6a/0x120 doexit+0x322/0xb90 dogroupexit+0x37/0xa0 _x64sysexitgroup+0x18/0x20 dosyscall64+0x38/0x80
-> #0 (srcu){.+.+}-{0:0}: _lockacquire+0x1521/0x2510 locksync+0x5f/0x90 _synchronizesrcu+0x4f/0x1a0 _mmunotifierrelease+0x128/0x240 exitmmap+0x6a/0x3a0 mmput+0x6a/0x120 svmrangedeferredlistwork+0x19f/0x350 [amdgpu] processonework+0x29b/0x560 workerthread+0x3d/0x3d0
other info that might help us debug this: Chain exists of: srcu --> &info->lock#2 --> (workcompletion)(&svms->deferredlist_work)
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock((work_completion)(&svms->deferred_list_work));
lock(&info->lock#2);
lock((work_completion)(&svms->deferred_list_work));
sync(srcu);