{"id":"CVE-2024-26725","summary":"dpll: fix possible deadlock during netlink dump operation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix possible deadlock during netlink dump operation\n\nRecently, I've been hitting following deadlock warning during dpll pin\ndump:\n\n[52804.637962] ======================================================\n[52804.638536] WARNING: possible circular locking dependency detected\n[52804.639111] 6.8.0-rc2jiri+ #1 Not tainted\n[52804.639529] ------------------------------------------------------\n[52804.640104] python3/2984 is trying to acquire lock:\n[52804.640581] ffff88810e642678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: netlink_dump+0xb3/0x780\n[52804.641417]\n               but task is already holding lock:\n[52804.642010] ffffffff83bde4c8 (dpll_lock){+.+.}-{3:3}, at: dpll_lock_dumpit+0x13/0x20\n[52804.642747]\n               which lock already depends on the new lock.\n\n[52804.643551]\n               the existing dependency chain (in reverse order) is:\n[52804.644259]\n               -\u003e #1 (dpll_lock){+.+.}-{3:3}:\n[52804.644836]        lock_acquire+0x174/0x3e0\n[52804.645271]        __mutex_lock+0x119/0x1150\n[52804.645723]        dpll_lock_dumpit+0x13/0x20\n[52804.646169]        genl_start+0x266/0x320\n[52804.646578]        __netlink_dump_start+0x321/0x450\n[52804.647056]        genl_family_rcv_msg_dumpit+0x155/0x1e0\n[52804.647575]        genl_rcv_msg+0x1ed/0x3b0\n[52804.648001]        netlink_rcv_skb+0xdc/0x210\n[52804.648440]        genl_rcv+0x24/0x40\n[52804.648831]        netlink_unicast+0x2f1/0x490\n[52804.649290]        netlink_sendmsg+0x36d/0x660\n[52804.649742]        __sock_sendmsg+0x73/0xc0\n[52804.650165]        __sys_sendto+0x184/0x210\n[52804.650597]        __x64_sys_sendto+0x72/0x80\n[52804.651045]        do_syscall_64+0x6f/0x140\n[52804.651474]        entry_SYSCALL_64_after_hwframe+0x46/0x4e\n[52804.652001]\n               -\u003e #0 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}:\n[52804.652650]        check_prev_add+0x1ae/0x1280\n[52804.653107]        __lock_acquire+0x1ed3/0x29a0\n[52804.653559]        lock_acquire+0x174/0x3e0\n[52804.653984]        __mutex_lock+0x119/0x1150\n[52804.654423]        netlink_dump+0xb3/0x780\n[52804.654845]        __netlink_dump_start+0x389/0x450\n[52804.655321]        genl_family_rcv_msg_dumpit+0x155/0x1e0\n[52804.655842]        genl_rcv_msg+0x1ed/0x3b0\n[52804.656272]        netlink_rcv_skb+0xdc/0x210\n[52804.656721]        genl_rcv+0x24/0x40\n[52804.657119]        netlink_unicast+0x2f1/0x490\n[52804.657570]        netlink_sendmsg+0x36d/0x660\n[52804.658022]        __sock_sendmsg+0x73/0xc0\n[52804.658450]        __sys_sendto+0x184/0x210\n[52804.658877]        __x64_sys_sendto+0x72/0x80\n[52804.659322]        do_syscall_64+0x6f/0x140\n[52804.659752]        entry_SYSCALL_64_after_hwframe+0x46/0x4e\n[52804.660281]\n               other info that might help us debug this:\n\n[52804.661077]  Possible unsafe locking scenario:\n\n[52804.661671]        CPU0                    CPU1\n[52804.662129]        ----                    ----\n[52804.662577]   lock(dpll_lock);\n[52804.662924]                                lock(nlk_cb_mutex-GENERIC);\n[52804.663538]                                lock(dpll_lock);\n[52804.664073]   lock(nlk_cb_mutex-GENERIC);\n[52804.664490]\n\nThe issue as follows: __netlink_dump_start() calls control-\u003estart(cb)\nwith nlk-\u003ecb_mutex held. In control-\u003estart(cb) the dpll_lock is taken.\nThen nlk-\u003ecb_mutex is released and taken again in netlink_dump(), while\ndpll_lock still being held. That leads to ABBA deadlock when another\nCPU races with the same operation.\n\nFix this by moving dpll_lock taking into dumpit() callback which ensures\ncorrect lock taking order.","modified":"2026-04-02T10:05:40.454021Z","published":"2024-04-03T14:55:24.074Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26725.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/087739cbd0d0b87b6cec2c0799436ac66e24acc8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53c0441dd2c44ee93fddb5473885fd41e4bc2361"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26725.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26725"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9d71b54b65b1fb6c0d3a6c5c88ba9b915c783fbc"},{"fixed":"087739cbd0d0b87b6cec2c0799436ac66e24acc8"},{"fixed":"53c0441dd2c44ee93fddb5473885fd41e4bc2361"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26725.json"}}],"schema_version":"1.7.5"}