CVE-2026-53293: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG

[Greg Kroah-Hartman <gregkh@linuxfoundation.org>]

From: Greg Kroah-Hartman <gregkh@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG

There were multiple issues in that code.

First of all the order between the reset semaphore and the mm_lock was
wrong (e.g. copy_to_user) was called while holding the lock.

Then we allocated memory while holding the reset semaphore which is also
a pretty big bug and can deadlock.

Then we used down_read_trylock() instead of waiting for the reset to
finish.

(cherry picked from commit 361b6e6b303d4b691f6c5974d3eaab67ca6dd90e)

The Linux kernel CVE team has assigned CVE-2026-53293 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.6.55 with commit 8361e3f7882876d98ba98cae0d3149450dd80912 and fixed in 6.6.141 with commit 8c4254c8f5836e77ae83e7fc037f02b69f7a0977
	Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 6.12.91 with commit 61957c2e467b39b528a290016367d32a433fa846
	Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 6.18.33 with commit a31c3feb54b15a90232e497ad0e27e8a82052d8d
	Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 7.0.10 with commit 5c29d20470d4566d1b68df57097d642d01f8b427
	Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 7.1 with commit 0ef196a208385b7d7da79f411c161b04e97283e2
	Issue introduced in 6.10.14 with commit 17a98c942cb106ec08564e8f43b5470a4dd5d3f6
	Issue introduced in 6.11.3 with commit 9a98563345697bdb1d3410ff428473b2e781f4db

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2026-53293
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/8c4254c8f5836e77ae83e7fc037f02b69f7a0977
	https://git.kernel.org/stable/c/61957c2e467b39b528a290016367d32a433fa846
	https://git.kernel.org/stable/c/a31c3feb54b15a90232e497ad0e27e8a82052d8d
	https://git.kernel.org/stable/c/5c29d20470d4566d1b68df57097d642d01f8b427
	https://git.kernel.org/stable/c/0ef196a208385b7d7da79f411c161b04e97283e2