CVE-2023-53029

EUVD-2023-59691

27.03.2025, 17:15

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt

The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura
free") uses the get/put_cpu() to protect the usage of percpu pointer
in ->aura_freeptr() callback, but it also unnecessarily disable the
preemption for the blockable memory allocation. The commit 87b93b678e95
("octeontx2-pf: Avoid use of GFP_KERNEL in atomic context") tried to
fix these sleep inside atomic warnings. But it only fix the one for
the non-rt kernel. For the rt kernel, we still get the similar warnings
like below.
  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0
  preempt_count: 1, expected: 0
  RCU nest depth: 0, expected: 0
  3 locks held by swapper/0/1:
   #0: ffff800009fc5fe8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x24/0x30
   #1: ffff000100c276c0 (&mbox->lock){+.+.}-{3:3}, at: otx2_init_hw_resources+0x8c/0x3a4
   #2: ffffffbfef6537e0 (&cpu_rcache->lock){+.+.}-{2:2}, at: alloc_iova_fast+0x1ac/0x2ac
  Preemption disabled at:
  [<ffff800008b1908c>] otx2_rq_aura_pool_init+0x14c/0x284
  CPU: 20 PID: 1 Comm: swapper/0 Tainted: G        W          6.2.0-rc3-rt1-yocto-preempt-rt #1
  Hardware name: Marvell OcteonTX CN96XX board (DT)
  Call trace:
   dump_backtrace.part.0+0xe8/0xf4
   show_stack+0x20/0x30
   dump_stack_lvl+0x9c/0xd8
   dump_stack+0x18/0x34
   __might_resched+0x188/0x224
   rt_spin_lock+0x64/0x110
   alloc_iova_fast+0x1ac/0x2ac
   iommu_dma_alloc_iova+0xd4/0x110
   __iommu_dma_map+0x80/0x144
   iommu_dma_map_page+0xe8/0x260
   dma_map_page_attrs+0xb4/0xc0
   __otx2_alloc_rbuf+0x90/0x150
   otx2_rq_aura_pool_init+0x1c8/0x284
   otx2_init_hw_resources+0xe4/0x3a4
   otx2_open+0xf0/0x610
   __dev_open+0x104/0x224
   __dev_change_flags+0x1e4/0x274
   dev_change_flags+0x2c/0x7c
   ic_open_devs+0x124/0x2f8
   ip_auto_config+0x180/0x42c
   do_one_initcall+0x90/0x4dc
   do_basic_setup+0x10c/0x14c
   kernel_init_freeable+0x10c/0x13c
   kernel_init+0x2c/0x140
   ret_from_fork+0x10/0x20

Of course, we can shuffle the get/put_cpu() to only wrap the invocation
of ->aura_freeptr() as what commit 87b93b678e95 does. But there are only
two ->aura_freeptr() callbacks, otx2_aura_freeptr() and
cn10k_aura_freeptr(). There is no usage of perpcu variable in the
otx2_aura_freeptr() at all, so the get/put_cpu() seems redundant to it.
We can move the get/put_cpu() into the corresponding callback which
really has the percpu variable usage and avoid the sprinkling of
get/put_cpu() in several places.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	5.15.87 ≤ 𝑥 < 5.15.91
linux	linux_kernel	6.0.19 ≤ 𝑥 < 6.1
linux	linux_kernel	6.1.5 ≤ 𝑥 < 6.1.8
linux	linux_kernel	6.2:rc3
linux	linux_kernel	6.2:rc4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.129-1 fixed
bookworm (security)	6.1.128-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.234-1 fixed
sid	6.12.20-1 fixed
trixie	6.12.19-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
trusty	needs-triage
xenial	needs-triage

linux-allwinner-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
trusty	needs-triage
xenial	needs-triage

linux-aws-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-aws-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-aws-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-aws-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-aws-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-aws-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-aws-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-aws-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-aws-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

linux-aws-hwe

focal	dne
jammy	dne
noble	dne
oracular	dne
xenial	needs-triage

linux-azure

bionic	ignored
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
trusty	needs-triage
xenial	needs-triage

linux-azure-4.15

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-azure-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-azure-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-azure-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-azure-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-azure-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-fde

focal	ignored
jammy	needs-triage
noble	dne
oracular	dne

linux-azure-fde-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-azure-fde-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-fde-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

linux-bluefield

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne
xenial	needs-triage

linux-gcp

bionic	ignored
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
xenial	needs-triage

linux-gcp-4.15

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-gcp-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gcp-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-gcp-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-gcp-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-gcp-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

linux-gke

focal	ignored
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-gke-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gke-5.15

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gke-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gkeop

focal	ignored
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-gkeop-5.15

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gkeop-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-hwe

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
xenial	needs-triage

linux-hwe-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-hwe-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-hwe-6.11

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-hwe-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-hwe-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-hwe-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-hwe-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
xenial	ignored

linux-ibm

focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-ibm-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-ibm-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-intel-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-intel-iot-realtime

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-intel-iotg

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-intel-iotg-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-iot

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-kvm

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne
xenial	needs-triage

linux-lowlatency

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	needs-triage

linux-lowlatency-hwe-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-lowlatency-hwe-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-lowlatency-hwe-6.11

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-lowlatency-hwe-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-lowlatency-hwe-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-lowlatency-hwe-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-lts-xenial

focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	needs-triage

linux-nvidia

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-nvidia-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-nvidia-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-nvidia-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-nvidia-lowlatency

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-nvidia-tegra

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-nvidia-tegra-igx

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-oem

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oem-5.10

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-5.14

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-5.17

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-5.6

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-6.0

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-6.1

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-6.11

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-oem-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-6.8

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-oracle

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
xenial	needs-triage

linux-oracle-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oracle-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oracle-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-raspi

focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage

linux-raspi-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-raspi-realtime

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-raspi2

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-realtime

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	needs-triage

linux-riscv

focal	ignored
jammy	ignored
noble	needs-triage
oracular	needs-triage

linux-riscv-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-riscv-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-riscv-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-riscv-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-riscv-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-riscv-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-starfive-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-starfive-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-starfive-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-xilinx-zynqmp

focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

Common Weakness Enumeration

CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

https://git.kernel.org/stable/c/29e9c67bf3271067735c188e95cf3631ecd64d58

https://git.kernel.org/stable/c/55ba18dc62deff5910c0fa64486dea1ff20832ff

https://git.kernel.org/stable/c/659518e013d6bd562bb0f1d2d9f99d0ac54720e2