{"id":"CVE-2024-35795","summary":"drm/amdgpu: fix deadlock while reading mqd from debugfs","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix deadlock while reading mqd from debugfs\n\nAn errant disk backup on my desktop got into debugfs and triggered the\nfollowing deadlock scenario in the amdgpu debugfs files. The machine\nalso hard-resets immediately after those lines are printed (although I\nwasn't able to reproduce that part when reading by hand):\n\n[ 1318.016074][ T1082] ======================================================\n[ 1318.016607][ T1082] WARNING: possible circular locking dependency detected\n[ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted\n[ 1318.017598][ T1082] ------------------------------------------------------\n[ 1318.018096][ T1082] tar/1082 is trying to acquire lock:\n[ 1318.018585][ T1082] ffff98c44175d6a0 (&mm-\u003emmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80\n[ 1318.019084][ T1082]\n[ 1318.019084][ T1082] but task is already holding lock:\n[ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]\n[ 1318.020607][ T1082]\n[ 1318.020607][ T1082] which lock already depends on the new lock.\n[ 1318.020607][ T1082]\n[ 1318.022081][ T1082]\n[ 1318.022081][ T1082] the existing dependency chain (in reverse order) is:\n[ 1318.023083][ T1082]\n[ 1318.023083][ T1082] -\u003e #2 (reservation_ww_class_mutex){+.+.}-{3:3}:\n[ 1318.024114][ T1082]        __ww_mutex_lock.constprop.0+0xe0/0x12f0\n[ 1318.024639][ T1082]        ww_mutex_lock+0x32/0x90\n[ 1318.025161][ T1082]        dma_resv_lockdep+0x18a/0x330\n[ 1318.025683][ T1082]        do_one_initcall+0x6a/0x350\n[ 1318.026210][ T1082]        kernel_init_freeable+0x1a3/0x310\n[ 1318.026728][ T1082]        kernel_init+0x15/0x1a0\n[ 1318.027242][ T1082]        ret_from_fork+0x2c/0x40\n[ 1318.027759][ T1082]        ret_from_fork_asm+0x11/0x20\n[ 1318.028281][ T1082]\n[ 1318.028281][ T1082] -\u003e #1 (reservation_ww_class_acquire){+.+.}-{0:0}:\n[ 1318.029297][ T1082]        dma_resv_lockdep+0x16c/0x330\n[ 1318.029790][ T1082]        do_one_initcall+0x6a/0x350\n[ 1318.030263][ T1082]        kernel_init_freeable+0x1a3/0x310\n[ 1318.030722][ T1082]        kernel_init+0x15/0x1a0\n[ 1318.031168][ T1082]        ret_from_fork+0x2c/0x40\n[ 1318.031598][ T1082]        ret_from_fork_asm+0x11/0x20\n[ 1318.032011][ T1082]\n[ 1318.032011][ T1082] -\u003e #0 (&mm-\u003emmap_lock){++++}-{3:3}:\n[ 1318.032778][ T1082]        __lock_acquire+0x14bf/0x2680\n[ 1318.033141][ T1082]        lock_acquire+0xcd/0x2c0\n[ 1318.033487][ T1082]        __might_fault+0x58/0x80\n[ 1318.033814][ T1082]        amdgpu_debugfs_mqd_read+0x103/0x250 [amdgpu]\n[ 1318.034181][ T1082]        full_proxy_read+0x55/0x80\n[ 1318.034487][ T1082]        vfs_read+0xa7/0x360\n[ 1318.034788][ T1082]        ksys_read+0x70/0xf0\n[ 1318.035085][ T1082]        do_syscall_64+0x94/0x180\n[ 1318.035375][ T1082]        entry_SYSCALL_64_after_hwframe+0x46/0x4e\n[ 1318.035664][ T1082]\n[ 1318.035664][ T1082] other info that might help us debug this:\n[ 1318.035664][ T1082]\n[ 1318.036487][ T1082] Chain exists of:\n[ 1318.036487][ T1082]   &mm-\u003emmap_lock --\u003e reservation_ww_class_acquire --\u003e reservation_ww_class_mutex\n[ 1318.036487][ T1082]\n[ 1318.037310][ T1082]  Possible unsafe locking scenario:\n[ 1318.037310][ T1082]\n[ 1318.037838][ T1082]        CPU0                    CPU1\n[ 1318.038101][ T1082]        ----                    ----\n[ 1318.038350][ T1082]   lock(reservation_ww_class_mutex);\n[ 1318.038590][ T1082]                                lock(reservation_ww_class_acquire);\n[ 1318.038839][ T1082]                                lock(reservation_ww_class_mutex);\n[ 1318.039083][ T1082]   rlock(&mm-\u003emmap_lock);\n[ 1318.039328][ T1082]\n[ 1318.039328][ T1082]  *** DEADLOCK ***\n[ 1318.039328][ T1082]\n[ 1318.040029][ T1082] 1 lock held by tar/1082:\n[ 1318.040259][ T1082]  #0: ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]\n[ 1318.040560][ T1082]\n[ 1318.040560][ T1082] stack backtrace:\n[\n---truncated---","modified":"2026-04-02T11:51:04.517813Z","published":"2024-05-17T13:23:06.900Z","related":["SUSE-SU-2024:2135-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20249-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35795.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/197f6d6987c55860f6eea1c93e4f800c59078874"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4687e3c6ee877ee25e57b984eca00be53b9a8db5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8678b1060ae2b75feb60b87e5b75e17374e3c1c5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8b03556da6e576c62664b6cd01809e4a09d53b5b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35795.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35795"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"445d85e3c1dfd8c45b24be6f1527f1e117256d0e"},{"fixed":"197f6d6987c55860f6eea1c93e4f800c59078874"},{"fixed":"8b03556da6e576c62664b6cd01809e4a09d53b5b"},{"fixed":"4687e3c6ee877ee25e57b984eca00be53b9a8db5"},{"fixed":"8678b1060ae2b75feb60b87e5b75e17374e3c1c5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35795.json"}}],"schema_version":"1.7.5"}