CVE-2024-35795: drm/amdgpu: fix deadlock while reading mqd from debugfs
First published: Fri May 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after those lines are printed (although I wasn't able to reproduce that part when reading by hand): [ 1318.016074][ T1082] ====================================================== [ 1318.016607][ T1082] WARNING: possible circular locking dependency detected [ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted [ 1318.017598][ T1082] ------------------------------------------------------ [ 1318.018096][ T1082] tar/1082 is trying to acquire lock: [ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80 [ 1318.019084][ T1082] [ 1318.019084][ T1082] but task is already holding lock: [ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu] [ 1318.020607][ T1082] [ 1318.020607][ T1082] which lock already depends on the new lock. [ 1318.020607][ T1082] [ 1318.022081][ T1082] [ 1318.022081][ T1082] the existing dependency chain (in reverse order) is: [ 1318.023083][ T1082] [ 1318.023083][ T1082] -> #2 (reservation_ww_class_mutex){+.+.}-{3:3}: [ 1318.024114][ T1082] __ww_mutex_lock.constprop.0+0xe0/0x12f0 [ 1318.024639][ T1082] ww_mutex_lock+0x32/0x90 [ 1318.025161][ T1082] dma_resv_lockdep+0x18a/0x330 [ 1318.025683][ T1082] do_one_initcall+0x6a/0x350 [ 1318.026210][ T1082] kernel_init_freeable+0x1a3/0x310 [ 1318.026728][ T1082] kernel_init+0x15/0x1a0 [ 1318.027242][ T1082] ret_from_fork+0x2c/0x40 [ 1318.027759][ T1082] ret_from_fork_asm+0x11/0x20 [ 1318.028281][ T1082] [ 1318.028281][ T1082] -> #1 (reservation_ww_class_acquire){+.+.}-{0:0}: [ 1318.029297][ T1082] dma_resv_lockdep+0x16c/0x330 [ 1318.029790][ T1082] do_one_initcall+0x6a/0x350 [ 1318.030263][ T1082] kernel_init_freeable+0x1a3/0x310 [ 1318.030722][ T1082] kernel_init+0x15/0x1a0 [ 1318.031168][ T1082] ret_from_fork+0x2c/0x40 [ 1318.031598][ T1082] ret_from_fork_asm+0x11/0x20 [ 1318.032011][ T1082] [ 1318.032011][ T1082] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 1318.032778][ T1082] __lock_acquire+0x14bf/0x2680 [ 1318.033141][ T1082] lock_acquire+0xcd/0x2c0 [ 1318.033487][ T1082] __might_fault+0x58/0x80 [ 1318.033814][ T1082] amdgpu_debugfs_mqd_read+0x103/0x250 [amdgpu] [ 1318.034181][ T1082] full_proxy_read+0x55/0x80 [ 1318.034487][ T1082] vfs_read+0xa7/0x360 [ 1318.034788][ T1082] ksys_read+0x70/0xf0 [ 1318.035085][ T1082] do_syscall_64+0x94/0x180 [ 1318.035375][ T1082] entry_SYSCALL_64_after_hwframe+0x46/0x4e [ 1318.035664][ T1082] [ 1318.035664][ T1082] other info that might help us debug this: [ 1318.035664][ T1082] [ 1318.036487][ T1082] Chain exists of: [ 1318.036487][ T1082] &mm->mmap_lock --> reservation_ww_class_acquire --> reservation_ww_class_mutex [ 1318.036487][ T1082] [ 1318.037310][ T1082] Possible unsafe locking scenario: [ 1318.037310][ T1082] [ 1318.037838][ T1082] CPU0 CPU1 [ 1318.038101][ T1082] ---- ---- [ 1318.038350][ T1082] lock(reservation_ww_class_mutex); [ 1318.038590][ T1082] lock(reservation_ww_class_acquire); [ 1318.038839][ T1082] lock(reservation_ww_class_mutex); [ 1318.039083][ T1082] rlock(&mm->mmap_lock); [ 1318.039328][ T1082] [ 1318.039328][ T1082] *** DEADLOCK *** [ 1318.039328][ T1082] [ 1318.040029][ T1082] 1 lock held by tar/1082: [ 1318.040259][ T1082] #0: ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu] [ 1318.040560][ T1082] [ 1318.040560][ T1082] stack backtrace: [ ---truncated---
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.6.24 | 6.6.24 |
| redhat/kernel | <6.7.12 | 6.7.12 |
| redhat/kernel | <6.8.3 | 6.8.3 |
| redhat/kernel | <6.9 | 6.9 |
| Linux Kernel | >=6.5<6.6.24 | |
| Linux Kernel | >=6.7<6.7.12 | |
| Linux Kernel | >=6.8<6.8.3 | |
| Linux Kernel | =6.9-rc1 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/197f6d6987c55860f6eea1c93e4f800c59078874
- https://git.kernel.org/stable/c/4687e3c6ee877ee25e57b984eca00be53b9a8db5
- https://git.kernel.org/stable/c/8678b1060ae2b75feb60b87e5b75e17374e3c1c5
- https://git.kernel.org/stable/c/8b03556da6e576c62664b6cd01809e4a09d53b5b
- https://launchpad.net/bugs/cve/CVE-2024-35795
- https://access.redhat.com/security/cve/CVE-2024-35795
- https://lore.kernel.org/linux-cve-announce/2024051734-CVE-2024-35795-ee3e@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2281156
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2281155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35795
- https://nvd.nist.gov/vuln/detail/CVE-2024-35795
- https://security-tracker.debian.org/tracker/CVE-2024-35795
- https://ubuntu.com/security/CVE-2024-35795
- https://git.kernel.org/linus/8678b1060ae2b75feb60b87e5b75e17374e3c1c5
Frequently Asked Questions
What is the severity of CVE-2024-35795?
CVE-2024-35795 has a low severity rating related to deadlocks in the amdgpu debugfs files in the Linux kernel.
How do I fix CVE-2024-35795?
To fix CVE-2024-35795, update your Linux kernel to versions 6.6.24, 6.7.12, 6.8.3, or 6.9, depending on your distribution.
Which Linux distributions are affected by CVE-2024-35795?
CVE-2024-35795 affects Linux distributions that use the impacted kernel versions, particularly Red Hat and Debian systems.
What is the impact of CVE-2024-35795 on my system?
CVE-2024-35795 can lead to deadlocks under specific conditions when interacting with amdgpu debugfs files, potentially causing system instability.
Is there a workaround for CVE-2024-35795?
There is no official workaround for CVE-2024-35795; the recommended solution is to apply the appropriate kernel update.
- agent/title
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-35795
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/trending
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.5
- version/linux kernel/6.7
- version/linux kernel/6.8
- version/linux kernel/6.9-rc1
- package-manager/debian