DEBIAN-CVE-2025-21876

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit <d74169ceb0d2> ("iommu/vt-d: Allocate DMAR fault interrupts locally") moved the call to enabledrhdfaulthandling() to a code path that does not hold any lock while traversing the drhd list. Fix it by ensuring the dmargloballock lock is held when traversing the drhd list. Without this fix, the following warning is triggered: ============================= WARNING: suspicious RCU usage 6.14.0-rc3 #55 Not tainted ----------------------------- drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!! other info that might help us debug this: rcuscheduleractive = 1, debuglocks = 1 2 locks held by cpuhp/1/23: #0: ffffffff84a67c50 (cpuhotpluglock){++++}-{0:0}, at: cpuhpthreadfun+0x87/0x2c0 #1: ffffffff84a6a380 (cpuhpstate-up){+.+.}-{0:0}, at: cpuhpthreadfun+0x87/0x2c0 stack backtrace: CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55 Call Trace: <TASK> dumpstacklvl+0xb7/0xd0 lockdeprcususpicious+0x159/0x1f0 ? _pfxenabledrhdfaulthandling+0x10/0x10 enabledrhdfaulthandling+0x151/0x180 cpuhpinvokecallback+0x1df/0x990 cpuhpthreadfun+0x1ea/0x2c0 smpbootthreadfn+0x1f5/0x2e0 ? _pfxsmpbootthreadfn+0x10/0x10 kthread+0x12a/0x2d0 ? _pfxkthread+0x10/0x10 retfromfork+0x4a/0x60 ? _pfxkthread+0x10/0x10 retfromforkasm+0x1a/0x30 </TASK> Holding the lock in enabledrhdfaulthandling() triggers a lockdep splat about a possible deadlock between dmargloballock and cpuhotpluglock. This is avoided by not holding dmargloballock when calling iommudevice_register(), which initiates the device probe process.