{ "public_date" : "2025-09-15T00:00:00Z", "bugzilla" : { "description" : "kernel: erofs: Fix detection of atomic context", "id" : "2395432", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2395432" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nerofs: Fix detection of atomic context\nCurrent check for atomic context is not sufficient as\nz_erofs_decompressqueue_endio can be called under rcu lock\nfrom blk_mq_flush_plug_list(). See the stacktrace [1]\nIn such case we should hand off the decompression work for async\nprocessing rather than trying to do sync decompression in current\ncontext. Patch fixes the detection by checking for\nrcu_read_lock_any_held() and while at it use more appropriate\n!in_task() check than in_atomic().\nBackground: Historically erofs would always schedule a kworker for\ndecompression which would incur the scheduling cost regardless of\nthe context. But z_erofs_decompressqueue_endio() may not always\nbe in atomic context and we could actually benefit from doing the\ndecompression in z_erofs_decompressqueue_endio() if we are in\nthread context, for example when running with dm-verity.\nThis optimization was later added in patch [2] which has shown\nimprovement in performance benchmarks.\n==============================================\n[1] Problem stacktrace\n[name:core&]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291\n[name:core&]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi\n[name:core&]preempt_count: 0, expected: 0\n[name:core&]RCU nest depth: 1, expected: 0\nCPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S W OE 6.1.25-android14-5-maybe-dirty-mainline #1\nHardware name: MT6897 (DT)\nCall trace:\ndump_backtrace+0x108/0x15c\nshow_stack+0x20/0x30\ndump_stack_lvl+0x6c/0x8c\ndump_stack+0x20/0x48\n__might_resched+0x1fc/0x308\n__might_sleep+0x50/0x88\nmutex_lock+0x2c/0x110\nz_erofs_decompress_queue+0x11c/0xc10\nz_erofs_decompress_kickoff+0x110/0x1a4\nz_erofs_decompressqueue_endio+0x154/0x180\nbio_endio+0x1b0/0x1d8\n__dm_io_complete+0x22c/0x280\nclone_endio+0xe4/0x280\nbio_endio+0x1b0/0x1d8\nblk_update_request+0x138/0x3a4\nblk_mq_plug_issue_direct+0xd4/0x19c\nblk_mq_flush_plug_list+0x2b0/0x354\n__blk_flush_plug+0x110/0x160\nblk_finish_plug+0x30/0x4c\nread_pages+0x2fc/0x370\npage_cache_ra_unbounded+0xa4/0x23c\npage_cache_ra_order+0x290/0x320\ndo_sync_mmap_readahead+0x108/0x2c0\nfilemap_fault+0x19c/0x52c\n__do_fault+0xc4/0x114\nhandle_mm_fault+0x5b4/0x1168\ndo_page_fault+0x338/0x4b4\ndo_translation_fault+0x40/0x60\ndo_mem_abort+0x60/0xc8\nel0_da+0x4c/0xe0\nel0t_64_sync_handler+0xd4/0xfc\nel0t_64_sync+0x1a0/0x1a4\n[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/" ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53231\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53231\nhttps://lore.kernel.org/linux-cve-announce/2025091514-CVE-2023-53231-7743@gregkh/T" ], "name" : "CVE-2023-53231", "csaw" : false }