CVE-2025-38104
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38104
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38104.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38104
- Downstream
- Related
- Published
- 2025-04-18T07:01:31Z
- Modified
- 2025-10-16T02:42:41.654371Z
- Summary
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the registers. This means that only one thread can access the registers at a time, preventing conflicts and ensuring that operations are performed correctly. Additionally, when a low-priority task holds a mutex that a high-priority task needs, ie., If a thread holding a spinlock tries to acquire a mutex, it can lead to priority inversion. register access in amdgpuvirtrlcgregrw especially in a fast code path is critical.
The call stack shows that the function amdgpuvirtrlcgregrw is being called, which attempts to acquire the mutex. This function is invoked from amdgpusriovwreg, which in turn is called from gmcv110flushgpu_tlb.
The [ BUG: Invalid wait context ] indicates that a thread is trying to acquire a mutex while it is in a context that does not allow it to sleep (like holding a spinlock).
Fixes the below:
[ 253.013423] ============================= [ 253.013434] [ BUG: Invalid wait context ] [ 253.013446] 6.12.0-amdstaging-drm-next-lol-050225 #14 Tainted: G U OE [ 253.013464] ----------------------------- [ 253.013475] kworker/0:1/10 is trying to lock: [ 253.013487] ffff9f30542e3cf8 (&adev->virt.rlcgreglock){+.+.}-{3:3}, at: amdgpuvirtrlcgregrw+0xf6/0x330 [amdgpu] [ 253.013815] other info that might help us debug this: [ 253.013827] context-{4:4} [ 253.013835] 3 locks held by kworker/0:1/10: [ 253.013847] #0: ffff9f3040050f58 ((wqcompletion)events){+.+.}-{0:0}, at: processonework+0x3f5/0x680 [ 253.013877] #1: ffffb789c008be40 ((workcompletion)(&wfc.work)){+.+.}-{0:0}, at: processonework+0x1d6/0x680 [ 253.013905] #2: ffff9f3054281838 (&adev->gmc.invalidatelock){+.+.}-{2:2}, at: gmcv110flushgputlb+0x198/0x4f0 [amdgpu] [ 253.014154] stack backtrace: [ 253.014164] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G U OE 6.12.0-amdstaging-drm-next-lol-050225 #14 [ 253.014189] Tainted: [U]=USER, [O]=OOTMODULE, [E]=UNSIGNEDMODULE [ 253.014203] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/18/2024 [ 253.014224] Workqueue: events workforcpufn [ 253.014241] Call Trace: [ 253.014250] <TASK> [ 253.014260] dumpstacklvl+0x9b/0xf0 [ 253.014275] dumpstack+0x10/0x20 [ 253.014287] _lockacquire+0xa47/0x2810 [ 253.014303] ? srsoaliasreturnthunk+0x5/0xfbef5 [ 253.014321] lockacquire+0xd1/0x300 [ 253.014333] ? amdgpuvirtrlcgregrw+0xf6/0x330 [amdgpu] [ 253.014562] ? _lockacquire+0xa6b/0x2810 [ 253.014578] _mutexlock+0x85/0xe20 [ 253.014591] ? amdgpuvirtrlcgregrw+0xf6/0x330 [amdgpu] [ 253.014782] ? schedclocknoinstr+0x9/0x10 [ 253.014795] ? srsoaliasreturnthunk+0x5/0xfbef5 [ 253.014808] ? localclocknoinstr+0xe/0xc0 [ 253.014822] ? amdgpuvirtrlcgregrw+0xf6/0x330 [amdgpu] [ 253.015012] ? srsoaliasreturnthunk+0x5/0xfbef5 [ 253.015029] mutexlocknested+0x1b/0x30 [ 253.015044] ? mutexlocknested+0x1b/0x30 [ 253.015057] amdgpuvirtrlcgregrw+0xf6/0x330 [amdgpu] [ 253.015249] amdgpusriovwreg+0xc5/0xd0 [amdgpu] [ 253.015435] gmcv110flushgputlb+0x44b/0x4f0 [amdgpu] [ 253.015667] gfxv110hwinit+0x499/0x29c0 [amdgpu] [ 253.015901] ? _pfxsmuv130updatepcieparameters+0x10/0x10 [amdgpu] [ 253.016159] ? srsoaliasreturnthunk+0x5/0xfbef5 [ 253.016173] ? smuhwinit+0x18d/0x300 [amdgpu] [ 253.016403] amdgpudeviceinit+0x29ad/0x36a0 [amdgpu] [ 253.016614] amdgpudriverloadkms+0x1a/0xc0 [amdgpu] [ 253.0170 ---truncated---
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/07ed75bfa7ede8bfcfa303fd6efc85db1c8684c7
- https://git.kernel.org/stable/c/1c0378830e42c98acd69e0289882c8637d92f285
- https://git.kernel.org/stable/c/5c1741a0c176ae11675a64cb7f2dd21d72db6b91
- https://git.kernel.org/stable/c/dc0297f3198bd60108ccbd167ee5d9fa4af31ed0
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede864180ee49b4d30e640fd1e1d852b86411420c9Fixed07ed75bfa7ede8bfcfa303fd6efc85db1c8684c7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede864180ee49b4d30e640fd1e1d852b86411420c9Fixed1c0378830e42c98acd69e0289882c8637d92f285
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede864180ee49b4d30e640fd1e1d852b86411420c9Fixed5c1741a0c176ae11675a64cb7f2dd21d72db6b91
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede864180ee49b4d30e640fd1e1d852b86411420c9Fixeddc0297f3198bd60108ccbd167ee5d9fa4af31ed0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf39a3bc42815a7016a915f6cb35e9a1448788f06
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1adb5ebe205e96af77a93512e2d5b8c437548787
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede1ab38e99d1607f80a1670a399511a56464c0253