In the Linux kernel, the following vulnerability has been resolved:
net: phy: Dont register LEDs for genphy
If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHYs ofnode has an leds subnode, then the LEDs will be (un)registered when probing/removing the genphy driver. This could occur if the leds are for a non-generic driver that isnt loaded for whatever reason. Synchronously removing the PHY device in phy_detach leads to the following deadlock:
rtnl_lock() ndo_close() … phy_detach() phy_remove() phy_leds_unregister() led_classdev_unregister() led_trigger_set() netdev_trigger_deactivate() unregister_netdevice_notifier() rtnl_lock()
There is a corresponding deadlock on the open/register side of things (and that one is reported by lockdep), but it requires a race while this one is deterministic.
Generic PHYs do not support LEDs anyway, so dont bother registering them.