In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix mlx5e_priv_init() cleanup flow

When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which
calls mlx5e_selq_apply() that assures that the priv->state_lock is held using
lockdep_is_held().

Acquire the state_lock in mlx5e_selq_cleanup().

WARNING: suspicious RCU usage
drivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by systemd-modules/293:
 #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core]
 #1: ffff8881096c65c0 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]

stack backtrace:
CPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8a/0xa0
 lockdep_rcu_suspicious+0x154/0x1a0
 mlx5e_selq_apply+0x94/0xa0 [mlx5_core]
 mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core]
 mlx5e_priv_init+0x2be/0x2f0 [mlx5_core]
 mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core]
 rdma_init_netdev+0x4e/0x80 [ib_core]
 ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core]
 ipoib_intf_init+0x64/0x550 [ib_ipoib]
 ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib]
 ipoib_add_one+0xb0/0x360 [ib_ipoib]
 add_client_context+0x112/0x1c0 [ib_core]
 ib_register_client+0x166/0x1b0 [ib_core]
 ? 0xffffffffa0573000
 ipoib_init_module+0xeb/0x1a0 [ib_ipoib]
 do_one_initcall+0x61/0x250
 do_init_module+0x8a/0x270
 init_module_from_file+0x8b/0xd0
 idempotent_init_module+0x17d/0x230
 __x64_sys_finit_module+0x61/0xb0
 do_syscall_64+0x71/0x140
 entry_SYSCALL_64_after_hwframe+0x46/0x4e
 </TASK>
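
The warning above comes from a lock-held assertion, not from a detected crash: the guarded pointer is read through a check that only reports when the lock is absent. The following userspace C model is an added example, not the driver's code; every name in it (model_lock, selq_model, deref_protected, selq_apply, selq_cleanup, cleanup_splats) is hypothetical, and the pointer swap inside selq_apply is an assumption of the model. It runs the failed-init cleanup once without the lock and once with it.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model, all names hypothetical. The lock only records whether it
 * is held, standing in for a kernel mutex that lockdep tracks. */
struct model_lock { bool held; };

struct selq_model {
    struct model_lock *state_lock; /* models priv->state_lock */
    int *active;                   /* pointer guarded by state_lock */
    int *standby;                  /* replacement waiting to be applied */
    int splats;                    /* "suspicious usage" reports raised */
};

/* Models rcu_dereference_protected(p, lockdep_is_held(lock)): reading the
 * guarded pointer without the lock held is reported, not prevented. */
static int *deref_protected(struct selq_model *s)
{
    if (!s->state_lock->held)
        s->splats++;
    return s->active;
}

/* Models the apply step. Assumption of this model: it swaps the standby
 * pointer in and hands the previous active pointer back as standby. */
static void selq_apply(struct selq_model *s)
{
    int *old = deref_protected(s);
    s->active = s->standby;
    s->standby = old;
}

/* Cleanup on the failure path; take_lock=false is the flow before the fix,
 * take_lock=true acquires the state lock around apply as the fix does. */
static void selq_cleanup(struct selq_model *s, bool take_lock)
{
    if (take_lock)
        s->state_lock->held = true;
    selq_apply(s);                 /* active becomes NULL, old moves to standby */
    if (take_lock)
        s->state_lock->held = false;
    free(s->standby);
    s->standby = NULL;
}

/* Runs a failed-init cleanup and returns how many reports it raised. */
int cleanup_splats(bool take_lock)
{
    struct model_lock lock = { .held = false };
    struct selq_model s = { &lock, malloc(sizeof(int)), NULL, 0 };
    selq_cleanup(&s, take_lock);
    return s.splats;
}
```

In the model the unlocked cleanup still completes and frees its memory, which mirrors why the kernel condition surfaces only as a warning on builds with lock debugging enabled.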