In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment, including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the registers. This means that only one thread can access the registers at a time, preventing conflicts and ensuring that operations are performed correctly. Additionally, when a low-priority task holds a mutex that a high-priority task needs, i.e., if a thread holding a spinlock tries to acquire a mutex, it can lead to priority inversion. Register access in amdgpu_virt_rlcg_reg_rw, especially in a fast code path, is critical.

The call stack shows that the function amdgpu_virt_rlcg_reg_rw is being called, which attempts to acquire the mutex. This function is invoked from amdgpu_sriov_wreg, which in turn is called from gmc_v11_0_flush_gpu_tlb.

The [ BUG: Invalid wait context ] indicates that a thread is trying to acquire a mutex while it is in a context that does not allow it to sleep (like holding a spinlock).

Fixes the below:

```
[ 253.013423] =============================
[ 253.013434] [ BUG: Invalid wait context ]
[ 253.013446] 6.12.0-amdstaging-drm-next-lol-050225 #14 Tainted: G U OE
[ 253.013464] -----------------------------
[ 253.013475] kworker/0:1/10 is trying to lock:
[ 253.013487] ffff9f30542e3cf8 (&adev->virt.rlcg_reg_lock){+.+.}-{3:3}, at: amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]
[ 253.013815] other info that might help us debug this:
[ 253.013827] context-{4:4}
[ 253.013835] 3 locks held by kworker/0:1/10:
[ 253.013847] #0: ffff9f3040050f58 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x3f5/0x680
[ 253.013877] #1: ffffb789c008be40 ((work_completion)(&wfc.work)){+.+.}-{0:0}, at: process_one_work+0x1d6/0x680
[ 253.013905] #2: ffff9f3054281838 (&adev->gmc.invalidate_lock){+.+.}-{2:2}, at: gmc_v11_0_flush_gpu_tlb+0x198/0x4f0 [amdgpu]
[ 253.014154] stack backtrace:
[ 253.014164] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G U OE 6.12.0-amdstaging-drm-next-lol-050225 #14
[ 253.014189] Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 253.014203] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/18/2024
[ 253.014224] Workqueue: events work_for_cpu_fn
[ 253.014241] Call Trace:
[ 253.014250]
```
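For triage of reports like the one above, the following added example (not part of the kernel commit or of this page's source) parses the lock lines of a lockdep report and names the held lock that makes the new acquisition invalid. It assumes the `{outer:inner}` pair printed after each lock is lockdep's wait type, that a larger number means a lock that may sleep, and that 0 means no wait type is set; the function names are hypothetical.

```python
import re

# Lock lines copied from the lockdep report on this page (timestamps dropped).
REPORT = """\
kworker/0:1/10 is trying to lock:
ffff9f30542e3cf8 (&adev->virt.rlcg_reg_lock){+.+.}-{3:3}, at: amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]
3 locks held by kworker/0:1/10:
#0: ffff9f3040050f58 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x3f5/0x680
#1: ffffb789c008be40 ((work_completion)(&wfc.work)){+.+.}-{0:0}, at: process_one_work+0x1d6/0x680
#2: ffff9f3054281838 (&adev->gmc.invalidate_lock){+.+.}-{2:2}, at: gmc_v11_0_flush_gpu_tlb+0x198/0x4f0 [amdgpu]
"""

# "#N: " prefix marks a held lock; its absence marks the lock being acquired.
LOCK_RE = re.compile(
    r"(?:#(?P<idx>\d+): )?[0-9a-f]+ \((?P<name>.+)\)\{[^}]*\}"
    r"-\{(?P<outer>\d+):(?P<inner>\d+)\}, at: (?P<site>\S+)")

def parse_locks(report):
    """Return (lock being acquired, list of held locks) as dicts."""
    wanted, held = None, []
    for line in report.splitlines():
        m = LOCK_RE.search(line)  # search() tolerates a dmesg timestamp prefix
        if not m:
            continue
        lock = {"name": m["name"], "outer": int(m["outer"]),
                "inner": int(m["inner"]), "site": m["site"]}
        if m["idx"] is None:
            wanted = lock
        else:
            held.append(lock)
    return wanted, held

def invalid_wait_context(wanted, held):
    """Return the held lock that forbids acquiring `wanted`, or None."""
    typed = [h for h in held if h["inner"] > 0]  # skip locks with no wait type
    if not typed:
        return None
    strictest = min(typed, key=lambda h: h["inner"])
    # Invalid when the new lock may wait longer than the strictest held lock allows.
    return strictest if wanted["outer"] > strictest["inner"] else None

if __name__ == "__main__":
    wanted, held = parse_locks(REPORT)
    blocker = invalid_wait_context(wanted, held)
    if blocker:
        print(f"{wanted['name']} (wait type {wanted['outer']}) at {wanted['site']} "
              f"taken under {blocker['name']} (wait type {blocker['inner']})")
```

Rewriting the acquired lock's wait type to `{2:2}`, which is what a spinlock shows in this report, makes the check pass.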
No PoCs from references.
- https://github.com/w4zu/Debian_security