CVE-2025-21876

Commit <d74169ceb0d2> ("iommu/vt-d: Allocate DMAR fault interrupts locally") moved the call to enabledrhdfaulthandling() to a code path that does not hold any lock while traversing the drhd list. Fix it by ensuring the dmarglobal_lock lock is held when traversing the drhd list.

Without this fix, the following warning is triggered: ============================= WARNING: suspicious RCU usage 6.14.0-rc3 #55 Not tainted

drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!! other info that might help us debug this: rcuscheduleractive = 1, debuglocks = 1 2 locks held by cpuhp/1/23: #0: ffffffff84a67c50 (cpuhotpluglock){++++}-{0:0}, at: cpuhpthreadfun+0x87/0x2c0 #1: ffffffff84a6a380 (cpuhpstate-up){+.+.}-{0:0}, at: cpuhpthreadfun+0x87/0x2c0 stack backtrace: CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55 Call Trace: <TASK> dumpstacklvl+0xb7/0xd0 lockdeprcususpicious+0x159/0x1f0 ? _pfxenabledrhdfaulthandling+0x10/0x10 enabledrhdfaulthandling+0x151/0x180 cpuhpinvokecallback+0x1df/0x990 cpuhpthreadfun+0x1ea/0x2c0 smpbootthreadfn+0x1f5/0x2e0 ? _pfxsmpbootthreadfn+0x10/0x10 kthread+0x12a/0x2d0 ? _pfxkthread+0x10/0x10 retfromfork+0x4a/0x60 ? _pfxkthread+0x10/0x10 retfromfork_asm+0x1a/0x30 </TASK>

Holding the lock in enabledrhdfaulthandling() triggers a lockdep splat about a possible deadlock between dmargloballock and cpuhotpluglock. This is avoided by not holding dmargloballock when calling iommudevice_register(), which initiates the device probe process.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d74169ceb0d2e32438946a2f1f9fc8c803304bd6

Fixed

4117c72938493a77ab53cc4b8284be8fb6ec8065

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d74169ceb0d2e32438946a2f1f9fc8c803304bd6

Fixed

c603ccbe91d189849e1439134598ec567088dcec

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d74169ceb0d2e32438946a2f1f9fc8c803304bd6

Fixed

b150654f74bf0df8e6a7936d5ec51400d9ec06d8

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.2

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.13.2

v6.13.3

v6.13.4

v6.13.5

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.9

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-21876-5add324c",
        "target": {
            "file": "drivers/iommu/intel/iommu.c",
            "function": "intel_iommu_init"
        },
        "digest": {
            "length": 1944.0,
            "function_hash": "131391869586415789879407310824079091286"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c603ccbe91d189849e1439134598ec567088dcec",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-21876-5f76ee6b",
        "target": {
            "file": "drivers/iommu/intel/dmar.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "166308321335340118694190487894398215972",
                "329791758611476571718307936397998639667",
                "189081660034847019575608923189659546950"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c603ccbe91d189849e1439134598ec567088dcec",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-21876-99b1e32e",
        "target": {
            "file": "drivers/iommu/intel/dmar.c",
            "function": "enable_drhd_fault_handling"
        },
        "digest": {
            "length": 505.0,
            "function_hash": "140227553757551007897993105369827903120"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4117c72938493a77ab53cc4b8284be8fb6ec8065",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-21876-bbb4e435",
        "target": {
            "file": "drivers/iommu/intel/dmar.c",
            "function": "enable_drhd_fault_handling"
        },
        "digest": {
            "length": 505.0,
            "function_hash": "140227553757551007897993105369827903120"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c603ccbe91d189849e1439134598ec567088dcec",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-21876-c82a393d",
        "target": {
            "file": "drivers/iommu/intel/dmar.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "166308321335340118694190487894398215972",
                "329791758611476571718307936397998639667",
                "189081660034847019575608923189659546950"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4117c72938493a77ab53cc4b8284be8fb6ec8065",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-21876-e557c73e",
        "target": {
            "file": "drivers/iommu/intel/iommu.c",
            "function": "intel_iommu_init"
        },
        "digest": {
            "length": 1957.0,
            "function_hash": "310552020320395488852311997866072693198"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4117c72938493a77ab53cc4b8284be8fb6ec8065",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-21876-e806e49c",
        "target": {
            "file": "drivers/iommu/intel/iommu.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "135020230644335618565789273005294318556",
                "195631895166398777038693479400749542640",
                "192901095065408309364120733923813842489",
                "338151539996957484094089469056784579363",
                "147803326338546276620625604291126402954"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4117c72938493a77ab53cc4b8284be8fb6ec8065",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-21876-fd5ef294",
        "target": {
            "file": "drivers/iommu/intel/iommu.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "135020230644335618565789273005294318556",
                "195631895166398777038693479400749542640",
                "192901095065408309364120733923813842489",
                "338151539996957484094089469056784579363",
                "147803326338546276620625604291126402954"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c603ccbe91d189849e1439134598ec567088dcec",
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.10.0

Fixed

6.12.18

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.6