In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Prevent deadlock while disabling aRFS
When disabling aRFS under the priv->state_lock, any scheduled
aRFS works are canceled using the cancel_work_sync function,
which waits for the work to end if it has already started.
However, while waiting for the work handler, the handler will
try to acquire the state_lock which is already acquired.
The worker acquires the lock to delete the rules if the state is down, which is not the worker's responsibility since disabling aRFS deletes the rules.
Add an aRFS state variable, which indicates whether the aRFS is enabled and prevent adding rules when the aRFS is disabled.
Kernel log:
====================================================== WARNING: possible circular locking dependency detected
ethtool/386089 is trying to acquire lock: ffff88810f21ce68 ((workcompletion)(&rule->arfswork)){+.+.}-{0:0}, at: _flushwork+0x74/0x4e0
but task is already holding lock: ffff8884a1808cc0 (&priv->statelock){+.+.}-{3:3}, at: mlx5eethtoolsetchannels+0x53/0x200 [mlx5_core]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&priv->statelock){+.+.}-{3:3}: _mutexlock+0x80/0xc90 arfshandlework+0x4b/0x3b0 [mlx5core] processonework+0x1dc/0x4a0 workerthread+0x1bf/0x3c0 kthread+0xd7/0x100 retfromfork+0x2d/0x50 retfromforkasm+0x11/0x20
-> #0 ((workcompletion)(&rule->arfswork)){+.+.}-{0:0}: _lockacquire+0x17b4/0x2c80 lockacquire+0xd0/0x2b0 _flushwork+0x7a/0x4e0 _cancelworktimer+0x131/0x1c0 arfsdelrules+0x143/0x1e0 [mlx5core] mlx5earfsdisable+0x1b/0x30 [mlx5core] mlx5eethtoolsetchannels+0xcb/0x200 [mlx5core] ethnlsetchannels+0x28f/0x3b0 ethnldefaultsetdoit+0xec/0x240 genlfamilyrcvmsgdoit+0xd0/0x120 genlrcvmsg+0x188/0x2c0 netlinkrcvskb+0x54/0x100 genlrcv+0x24/0x40 netlinkunicast+0x1a1/0x270 netlinksendmsg+0x214/0x460 _socksendmsg+0x38/0x60 _syssendto+0x113/0x170 _x64syssendto+0x20/0x30 dosyscall64+0x40/0xe0 entrySYSCALL64after_hwframe+0x46/0x4e
other info that might help us debug this:
Possible unsafe locking scenario:
   CPU0                    CPU1
   ----                    ----
lock(&priv->statelock); lock((workcompletion)(&rule->arfswork)); lock(&priv->statelock); lock((workcompletion)(&rule->arfswork));
* DEADLOCK *
3 locks held by ethtool/386089: #0: ffffffff82ea7210 (cblock){++++}-{3:3}, at: genlrcv+0x15/0x40 #1: ffffffff82e94c88 (rtnlmutex){+.+.}-{3:3}, at: ethnldefaultsetdoit+0xd3/0x240 #2: ffff8884a1808cc0 (&priv->statelock){+.+.}-{3:3}, at: mlx5eethtoolsetchannels+0x53/0x200 [mlx5_core]
stack backtrace: CPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4netnextmlx55483eb2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dumpstacklvl+0x60/0xa0 checknoncircular+0x144/0x160 _lockacquire+0x17b4/0x2c80 lockacquire+0xd0/0x2b0 ? _flushwork+0x74/0x4e0 ? savetrace+0x3e/0x360 ? _flushwork+0x74/0x4e0 _flushwork+0x7a/0x4e0 ? _flushwork+0x74/0x4e0 ? _lockacquire+0xa78/0x2c80 ? lockacquire+0xd0/0x2b0 ? markheldlocks+0x49/0x70 _cancelworktimer+0x131/0x1c0 ? markheldlocks+0x49/0x70 arfsdelrules+0x143/0x1e0 [mlx5core] mlx5earfsdisable+0x1b/0x30 [mlx5core] mlx5eethtoolsetchannels+0xcb/0x200 [mlx5core] ethnlsetchannels+0x28f/0x3b0 ethnldefaultsetdoit+0xec/0x240 genlfamilyrcvmsgdoit+0xd0/0x120 genlrcvmsg+0x188/0x2c0 ? ethn ---truncated---
[
    {
        "id": "CVE-2024-27014-045cb69a",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_handle_work"
        },
        "digest": {
            "function_hash": "216572781889842473957760479258253860853",
            "length": 811.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48c4bb81df19402d4346032353d0795260255e3b"
    },
    {
        "id": "CVE-2024-27014-26f9c418",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_rx_flow_steer"
        },
        "digest": {
            "function_hash": "177297491058497699579026415148586821728",
            "length": 1171.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fef965764cf562f28afb997b626fc7c3cec99693"
    },
    {
        "id": "CVE-2024-27014-2c3c193e",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_rx_flow_steer"
        },
        "digest": {
            "function_hash": "226167137378308740115019427582278523879",
            "length": 1010.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
    },
    {
        "id": "CVE-2024-27014-2efa0fa8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_arfs_enable"
        },
        "digest": {
            "function_hash": "305294315978723928767957551982827867611",
            "length": 554.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48c4bb81df19402d4346032353d0795260255e3b"
    },
    {
        "id": "CVE-2024-27014-3350ca37",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_rx_flow_steer"
        },
        "digest": {
            "function_hash": "177297491058497699579026415148586821728",
            "length": 1171.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48c4bb81df19402d4346032353d0795260255e3b"
    },
    {
        "id": "CVE-2024-27014-37a343d3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_del_rules"
        },
        "digest": {
            "function_hash": "160179020385313057365204588865080122291",
            "length": 563.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fef965764cf562f28afb997b626fc7c3cec99693"
    },
    {
        "id": "CVE-2024-27014-38a562e8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_del_rules"
        },
        "digest": {
            "function_hash": "160179020385313057365204588865080122291",
            "length": 563.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48c4bb81df19402d4346032353d0795260255e3b"
    },
    {
        "id": "CVE-2024-27014-683712b2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
        },
        "digest": {
            "line_hashes": [
                "236687107157396799858185704151323638835",
                "24577221151805397342271118549925999197",
                "128189793269660142004318673786901312421",
                "60353246309319056950156670165568606529",
                "221461734269391658492431537271035929205",
                "310272830683448248702382527275750195531",
                "60871608910665633420008951346916016164",
                "43021765785219929018559185211274092739",
                "22442300463467650316698611349993398415",
                "267868390585593816517915983992887850017",
                "97055607617978583033919254959978099272",
                "308338644694900432243002527565329676856",
                "189586188903822238746454279556549418410",
                "269562805864086294616113448790485351155",
                "297163271873725573974678152531841702260",
                "22481066107837065078487365729824293327",
                "225191898109630804948982243288014194404",
                "174444110410702087227083307933624648268",
                "93453093976911684022685964733251949450",
                "96840326429679415113600463506616241432",
                "219380917041433735708466430498308856010",
                "246999966537818021272118714013237250705",
                "5081816977378543199950640470879355946",
                "206682731884654754027848222034536531281",
                "154870297467331697072729310855823999396",
                "106608933477089508355991412273174804270",
                "288281201487922479105290911527065234565",
                "12770428430943677723512544070453755780",
                "31392535074359270709584872606123635372",
                "282039712239340644725797198281067806350",
                "94175646181458836977781775912193116829"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0080bf99499468030248ebd25dd645e487dcecdc"
    },
    {
        "id": "CVE-2024-27014-6a5a3352",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
        },
        "digest": {
            "line_hashes": [
                "236687107157396799858185704151323638835",
                "24577221151805397342271118549925999197",
                "128189793269660142004318673786901312421",
                "60353246309319056950156670165568606529",
                "221461734269391658492431537271035929205",
                "310272830683448248702382527275750195531",
                "60871608910665633420008951346916016164",
                "43021765785219929018559185211274092739",
                "22442300463467650316698611349993398415",
                "267868390585593816517915983992887850017",
                "97055607617978583033919254959978099272",
                "308338644694900432243002527565329676856",
                "189586188903822238746454279556549418410",
                "269562805864086294616113448790485351155",
                "297163271873725573974678152531841702260",
                "22481066107837065078487365729824293327",
                "225191898109630804948982243288014194404",
                "174444110410702087227083307933624648268",
                "93453093976911684022685964733251949450",
                "96840326429679415113600463506616241432",
                "219380917041433735708466430498308856010",
                "246999966537818021272118714013237250705",
                "5081816977378543199950640470879355946",
                "206682731884654754027848222034536531281",
                "154870297467331697072729310855823999396",
                "106608933477089508355991412273174804270",
                "288281201487922479105290911527065234565",
                "12770428430943677723512544070453755780",
                "31392535074359270709584872606123635372",
                "282039712239340644725797198281067806350",
                "94175646181458836977781775912193116829"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fef965764cf562f28afb997b626fc7c3cec99693"
    },
    {
        "id": "CVE-2024-27014-6d284d1b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
        },
        "digest": {
            "line_hashes": [
                "236687107157396799858185704151323638835",
                "24577221151805397342271118549925999197",
                "128189793269660142004318673786901312421",
                "216004000764647083937514675088083631261",
                "150508823637275622023154030935967586090",
                "310272830683448248702382527275750195531",
                "60871608910665633420008951346916016164",
                "43021765785219929018559185211274092739",
                "22442300463467650316698611349993398415",
                "267868390585593816517915983992887850017",
                "97055607617978583033919254959978099272",
                "308338644694900432243002527565329676856",
                "189586188903822238746454279556549418410",
                "269562805864086294616113448790485351155",
                "297163271873725573974678152531841702260",
                "22481066107837065078487365729824293327",
                "225191898109630804948982243288014194404",
                "174444110410702087227083307933624648268",
                "93453093976911684022685964733251949450",
                "96840326429679415113600463506616241432",
                "219380917041433735708466430498308856010",
                "246999966537818021272118714013237250705",
                "5081816977378543199950640470879355946",
                "206682731884654754027848222034536531281",
                "154870297467331697072729310855823999396",
                "106608933477089508355991412273174804270",
                "288281201487922479105290911527065234565",
                "12770428430943677723512544070453755780",
                "31392535074359270709584872606123635372",
                "282039712239340644725797198281067806350",
                "68723667014471058293013339273379744239"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
    },
    {
        "id": "CVE-2024-27014-713c16d6",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_handle_work"
        },
        "digest": {
            "function_hash": "216572781889842473957760479258253860853",
            "length": 811.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fef965764cf562f28afb997b626fc7c3cec99693"
    },
    {
        "id": "CVE-2024-27014-7922bd6c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_del_rules"
        },
        "digest": {
            "function_hash": "160179020385313057365204588865080122291",
            "length": 563.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
    },
    {
        "id": "CVE-2024-27014-8f747858",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_rx_flow_steer"
        },
        "digest": {
            "function_hash": "177297491058497699579026415148586821728",
            "length": 1171.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0080bf99499468030248ebd25dd645e487dcecdc"
    },
    {
        "id": "CVE-2024-27014-991c45a2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_arfs_enable"
        },
        "digest": {
            "function_hash": "305294315978723928767957551982827867611",
            "length": 554.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0080bf99499468030248ebd25dd645e487dcecdc"
    },
    {
        "id": "CVE-2024-27014-9e19dcfc",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_arfs_enable"
        },
        "digest": {
            "function_hash": "305294315978723928767957551982827867611",
            "length": 554.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fef965764cf562f28afb997b626fc7c3cec99693"
    },
    {
        "id": "CVE-2024-27014-a7ddbab5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "mlx5e_arfs_enable"
        },
        "digest": {
            "function_hash": "305294315978723928767957551982827867611",
            "length": 554.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
    },
    {
        "id": "CVE-2024-27014-b9272a3e",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_del_rules"
        },
        "digest": {
            "function_hash": "160179020385313057365204588865080122291",
            "length": 563.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0080bf99499468030248ebd25dd645e487dcecdc"
    },
    {
        "id": "CVE-2024-27014-ca24fcbe",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
        },
        "digest": {
            "line_hashes": [
                "236687107157396799858185704151323638835",
                "24577221151805397342271118549925999197",
                "128189793269660142004318673786901312421",
                "60353246309319056950156670165568606529",
                "221461734269391658492431537271035929205",
                "310272830683448248702382527275750195531",
                "60871608910665633420008951346916016164",
                "43021765785219929018559185211274092739",
                "22442300463467650316698611349993398415",
                "267868390585593816517915983992887850017",
                "97055607617978583033919254959978099272",
                "308338644694900432243002527565329676856",
                "189586188903822238746454279556549418410",
                "269562805864086294616113448790485351155",
                "297163271873725573974678152531841702260",
                "22481066107837065078487365729824293327",
                "225191898109630804948982243288014194404",
                "174444110410702087227083307933624648268",
                "93453093976911684022685964733251949450",
                "96840326429679415113600463506616241432",
                "219380917041433735708466430498308856010",
                "246999966537818021272118714013237250705",
                "5081816977378543199950640470879355946",
                "206682731884654754027848222034536531281",
                "154870297467331697072729310855823999396",
                "106608933477089508355991412273174804270",
                "288281201487922479105290911527065234565",
                "12770428430943677723512544070453755780",
                "31392535074359270709584872606123635372",
                "282039712239340644725797198281067806350",
                "94175646181458836977781775912193116829"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48c4bb81df19402d4346032353d0795260255e3b"
    },
    {
        "id": "CVE-2024-27014-e265c92a",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_handle_work"
        },
        "digest": {
            "function_hash": "216572781889842473957760479258253860853",
            "length": 811.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0080bf99499468030248ebd25dd645e487dcecdc"
    },
    {
        "id": "CVE-2024-27014-ec18abe3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c",
            "function": "arfs_handle_work"
        },
        "digest": {
            "function_hash": "41768339536697023749615706311716137195",
            "length": 747.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
    }
]