CVE-2025-38311
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38311
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38311.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38311
- Downstream
- Published
- 2025-07-10T07:42:20.006Z
- Modified
- 2025-11-27T19:35:41.772394Z
- Summary
- iavf: get rid of the crit lock
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iavf: get rid of the crit lock
Get rid of the crit lock. That frees us from the error prone logic of try_locks.
Thanks to netdev_lock() by Jakub it is now easy, and in most cases we were protected by it already - replace crit lock by netdev lock when it was not the case.
Lockdep reports that we should cancel the work under crit_lock [splat1], and that was the scheme we have mostly followed since [1] by Slawomir. But when that is done we still got into deadlocks [splat2]. So instead we should look at the bigger problem, namely "weird locking/scheduling" of the iavf. The first step to fix that is to remove the crit lock. I will followup with a -next series that simplifies scheduling/tasks.
Cancel the work without netdev lock (weird unlock+lock scheme), to fix the [splat2] (which would be totally ugly if we would kept the crit lock).
Extend protected part of iavfwatchdogtask() to include scheduling more work.
Note that the removed comment in iavfresettask() was misplaced, it belonged to inside of the removed if condition, so it's gone now.
[splat1] - w/o this patch - The deadlock during VF removal: WARNING: possible circular locking dependency detected sh/3825 is trying to acquire lock: ((workcompletion)(&(&adapter->watchdogtask)->work)){+.+.}-{0:0}, at: startflushwork+0x1a1/0x470 but task is already holding lock: (&adapter->critlock){+.+.}-{4:4}, at: iavfremove+0xd1/0x690 [iavf] which lock already depends on the new lock.
[splat2] - when cancelling work under crit lock, w/o this series, see [2] for the band aid attempt WARNING: possible circular locking dependency detected sh/3550 is trying to acquire lock: ((wqcompletion)iavf){+.+.}-{0:0}, at: touchwqlockdepmap+0x26/0x90 but task is already holding lock: (&dev->lock){+.+.}-{4:4}, at: iavf_remove+0xa6/0x6e0 [iavf] which lock already depends on the new lock.
[1] fc2e6b3b132a ("iavf: Rework mutexes for better synchronisation") [2] https://github.com/pkitszel/linux/commit/52dddbfc2bb60294083f5711a158a
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2025/38xxx/CVE-2025-38311.json", "cna_assigner": "Linux" }- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd1639a17319ba78a018280cd2df6577a7e5d9fabFixed620ab4d6215de0b25227f9fff1a8c7fb66837cb8
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd1639a17319ba78a018280cd2df6577a7e5d9fabFixed120f28a6f314fef7f282c99f196923fe44081cad
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected2647ff59c52ef42c853c905817ed1a7f092d59a5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected63d14a43128540016ebd4f7fa3ad3a2f0d6e642c