CVE-2025-21876

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/vt-d: Fix suspicious RCU usage<br /> <br /> Commit ("iommu/vt-d: Allocate DMAR fault interrupts<br /> locally") moved the call to enable_drhd_fault_handling() to a code<br /> path that does not hold any lock while traversing the drhd list. Fix<br /> it by ensuring the dmar_global_lock lock is held when traversing the<br /> drhd list.<br /> <br /> Without this fix, the following warning is triggered:<br /> =============================<br /> WARNING: suspicious RCU usage<br /> 6.14.0-rc3 #55 Not tainted<br /> -----------------------------<br /> drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!<br /> other info that might help us debug this:<br /> rcu_scheduler_active = 1, debug_locks = 1<br /> 2 locks held by cpuhp/1/23:<br /> #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0<br /> #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0<br /> stack backtrace:<br /> CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55<br /> Call Trace:<br /> <br /> dump_stack_lvl+0xb7/0xd0<br /> lockdep_rcu_suspicious+0x159/0x1f0<br /> ? __pfx_enable_drhd_fault_handling+0x10/0x10<br /> enable_drhd_fault_handling+0x151/0x180<br /> cpuhp_invoke_callback+0x1df/0x990<br /> cpuhp_thread_fun+0x1ea/0x2c0<br /> smpboot_thread_fn+0x1f5/0x2e0<br /> ? __pfx_smpboot_thread_fn+0x10/0x10<br /> kthread+0x12a/0x2d0<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x4a/0x60<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1a/0x30<br /> <br /> <br /> Holding the lock in enable_drhd_fault_handling() triggers a lockdep splat<br /> about a possible deadlock between dmar_global_lock and cpu_hotplug_lock.<br /> This is avoided by not holding dmar_global_lock when calling<br /> iommu_device_register(), which initiates the device probe process.