CVE-2025-68244
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
16/12/2025
Última modificación:
16/12/2025
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD<br />
<br />
On completion of i915_vma_pin_ww(), a synchronous variant of<br />
dma_fence_work_commit() is called. When pinning a VMA to GGTT address<br />
space on a Cherry View family processor, or on a Broxton generation SoC<br />
with VTD enabled, i.e., when stop_machine() is then called from<br />
intel_ggtt_bind_vma(), that can potentially lead to lock inversion among<br />
reservation_ww and cpu_hotplug locks.<br />
<br />
[86.861179] ======================================================<br />
[86.861193] WARNING: possible circular locking dependency detected<br />
[86.861209] 6.15.0-rc5-CI_DRM_16515-gca0305cadc2d+ #1 Tainted: G U<br />
[86.861226] ------------------------------------------------------<br />
[86.861238] i915_module_loa/1432 is trying to acquire lock:<br />
[86.861252] ffffffff83489090 (cpu_hotplug_lock){++++}-{0:0}, at: stop_machine+0x1c/0x50<br />
[86.861290]<br />
but task is already holding lock:<br />
[86.861303] ffffc90002e0b4c8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: i915_vma_pin.constprop.0+0x39/0x1d0 [i915]<br />
[86.862233]<br />
which lock already depends on the new lock.<br />
[86.862251]<br />
the existing dependency chain (in reverse order) is:<br />
[86.862265]<br />
-> #5 (reservation_ww_class_mutex){+.+.}-{3:3}:<br />
[86.862292] dma_resv_lockdep+0x19a/0x390<br />
[86.862315] do_one_initcall+0x60/0x3f0<br />
[86.862334] kernel_init_freeable+0x3cd/0x680<br />
[86.862353] kernel_init+0x1b/0x200<br />
[86.862369] ret_from_fork+0x47/0x70<br />
[86.862383] ret_from_fork_asm+0x1a/0x30<br />
[86.862399]<br />
-> #4 (reservation_ww_class_acquire){+.+.}-{0:0}:<br />
[86.862425] dma_resv_lockdep+0x178/0x390<br />
[86.862440] do_one_initcall+0x60/0x3f0<br />
[86.862454] kernel_init_freeable+0x3cd/0x680<br />
[86.862470] kernel_init+0x1b/0x200<br />
[86.862482] ret_from_fork+0x47/0x70<br />
[86.862495] ret_from_fork_asm+0x1a/0x30<br />
[86.862509]<br />
-> #3 (&mm->mmap_lock){++++}-{3:3}:<br />
[86.862531] down_read_killable+0x46/0x1e0<br />
[86.862546] lock_mm_and_find_vma+0xa2/0x280<br />
[86.862561] do_user_addr_fault+0x266/0x8e0<br />
[86.862578] exc_page_fault+0x8a/0x2f0<br />
[86.862593] asm_exc_page_fault+0x27/0x30<br />
[86.862607] filldir64+0xeb/0x180<br />
[86.862620] kernfs_fop_readdir+0x118/0x480<br />
[86.862635] iterate_dir+0xcf/0x2b0<br />
[86.862648] __x64_sys_getdents64+0x84/0x140<br />
[86.862661] x64_sys_call+0x1058/0x2660<br />
[86.862675] do_syscall_64+0x91/0xe90<br />
[86.862689] entry_SYSCALL_64_after_hwframe+0x76/0x7e<br />
[86.862703]<br />
-> #2 (&root->kernfs_rwsem){++++}-{3:3}:<br />
[86.862725] down_write+0x3e/0xf0<br />
[86.862738] kernfs_add_one+0x30/0x3c0<br />
[86.862751] kernfs_create_dir_ns+0x53/0xb0<br />
[86.862765] internal_create_group+0x134/0x4c0<br />
[86.862779] sysfs_create_group+0x13/0x20<br />
[86.862792] topology_add_dev+0x1d/0x30<br />
[86.862806] cpuhp_invoke_callback+0x4b5/0x850<br />
[86.862822] cpuhp_issue_call+0xbf/0x1f0<br />
[86.862836] __cpuhp_setup_state_cpuslocked+0x111/0x320<br />
[86.862852] __cpuhp_setup_state+0xb0/0x220<br />
[86.862866] topology_sysfs_init+0x30/0x50<br />
[86.862879] do_one_initcall+0x60/0x3f0<br />
[86.862893] kernel_init_freeable+0x3cd/0x680<br />
[86.862908] kernel_init+0x1b/0x200<br />
[86.862921] ret_from_fork+0x47/0x70<br />
[86.862934] ret_from_fork_asm+0x1a/0x30<br />
[86.862947]<br />
-> #1 (cpuhp_state_mutex){+.+.}-{3:3}:<br />
[86.862969] __mutex_lock+0xaa/0xed0<br />
[86.862982] mutex_lock_nested+0x1b/0x30<br />
[86.862995] __cpuhp_setup_state_cpuslocked+0x67/0x320<br />
[86.863012] __cpuhp_setup_state+0xb0/0x220<br />
[86.863026] page_alloc_init_cpuhp+0x2d/0x60<br />
[86.863041] mm_core_init+0x22/0x2d0<br />
[86.863054] start_kernel+0x576/0xbd0<br />
[86.863068] x86_64_start_reservations+0x18/0x30<br />
[86.863084] x86_64_start_kernel+0xbf/0x110<br />
[86.863098] common_startup_64+0x13e/0x141<br />
[86.863114]<br />
-> #0 (cpu_hotplug_lock){++++}-{0:0}:<br />
[86.863135] __lock_acquire+0x16<br />
---truncated---
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/20d94a6117b752fd10a78cefdc1cf2c16706048b
- https://git.kernel.org/stable/c/3dec22bde207a36f1b8a4b80564cbbe13996a7cd
- https://git.kernel.org/stable/c/4e73066e3323add260e46eb51f79383d87950281
- https://git.kernel.org/stable/c/84bbe327a5cbb060f3321c9d9d4d53936fc1ef9b
- https://git.kernel.org/stable/c/858a50127be714f55c3bcb25621028d4a323d77e
- https://git.kernel.org/stable/c/e988634d7aae7214818b9c86cd7ef9e78c84b02d