Date: Thu, 13 Jun 2024 12:40:35 +0200
From: Pavel Machek
To: Greg Kroah-Hartman
Cc: Lee Jones, Michal Hocko, cve@kernel.org, linux-kernel@vger.kernel.org, Felix Kuehling
Subject: Re: CVE-2024-26628: drm/amdkfd: Fix lock dependency warning
In-Reply-To: <2024061335-wistful-brownnose-28ea@gregkh>

On Thu 2024-06-13 12:16:50, Greg Kroah-Hartman wrote:
> On Thu, Jun 13, 2024 at 11:32:41AM +0200, Pavel Machek wrote:
> > On Wed 2024-03-20 15:47:34, Lee Jones wrote:
> > > On Wed, 20 Mar 2024, Michal Hocko wrote:
> > >
> > > > On Thu 14-03-24 11:09:38, Lee Jones wrote:
> > > > > On Fri, 08 Mar 2024, Michal Hocko wrote:
> > > > >
> > > > > > On Wed 06-03-24 06:46:11, Greg KH wrote:
> > > > > > [...]
> > > > > > >  Possible unsafe locking scenario:
> > > > > > >
> > > > > > >        CPU0                    CPU1
> > > > > > >        ----                    ----
> > > > > > >   lock(&svms->lock);
> > > > > > >                                lock(&mm->mmap_lock);
> > > > > > >                                lock(&svms->lock);
> > > > > > >   lock((work_completion)(&svm_bo->eviction_work));
> > > > > > >
> > > > > > > I believe this cannot really lead to a deadlock in practice, because
> > > > > > > svm_range_evict_svm_bo_worker only takes the mmap_read_lock if the BO
> > > > > > > refcount is non-0. That means it's impossible that svm_range_bo_release
> > > > > > > is running concurrently. However, there is no good way to annotate this.
> > > > > >
> > > > > > OK, so is this even a bug (not to mention a security/weakness)?
> > > > >
> > > > > Looks like the patch fixes a warning which can crash some kernels. So
> > > > > the CVE appears to be fixing that, rather than the impossible deadlock.
> > > >
> > > > Are you talking about lockdep warning or anything else?
> > >
> > > Anything that triggers a BUG() or a WARN() (as per the splat in the
> > > commit message). Many in-field kernels are configured to panic on
> > > BUG()s and WARN()s, thus triggering them are presently considered local
> > > DoS and attract CVE status.
> >
> > So... because it is possible to configure machine to reboot on
> > warning, now every warning is a security issue?
> >
> > Lockdep is for debugging, if someone uses it in production with panic
> > on reboot, they are getting exactly what they are asking for.
> >
> > Not a security problem.
>
> And we agree, I don't know what you are arguing about here, please stop.

So you agree that WARN triggering randomly is not a security problem?
Following communication did not say so.

"The splat in the circular lockdep detection code appears to be
generated using some stacked pr_warn() calls, rather than a WARN()."

Pavel
--
People of Russia, stop Putin before his war on Ukraine escalates.