ghsa-8pcr-p4fc-6g8c
Vulnerability from github
Published
2025-06-18 12:30
Modified
2025-06-18 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: mctrl_gpio: split disable_ms into sync and no_sync APIs

The following splat has been observed on a SAMA5D27 platform using atmel_serial:

BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0 preempt_count: 1, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<00000000>] 0x0 hardirqs last disabled at (0): [] copy_process+0x1c4c/0x7bec softirqs last enabled at (0): [] copy_process+0x1ca0/0x7bec softirqs last disabled at (0): [<00000000>] 0x0 CPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74 Hardware name: Atmel SAMA5 Workqueue: hci0 hci_power_on [bluetooth] Call trace: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x44/0x70 dump_stack_lvl from __might_resched+0x38c/0x598 __might_resched from disable_irq+0x1c/0x48 disable_irq from mctrl_gpio_disable_ms+0x74/0xc0 mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4 atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8 atmel_set_termios from uart_change_line_settings+0x15c/0x994 uart_change_line_settings from uart_set_termios+0x2b0/0x668 uart_set_termios from tty_set_termios+0x600/0x8ec tty_set_termios from ttyport_set_flow_control+0x188/0x1e0 ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc] wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth] hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth] hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth] hci_power_on [bluetooth] from process_one_work+0x998/0x1a38 process_one_work from worker_thread+0x6e0/0xfb4 worker_thread from kthread+0x3d4/0x484 kthread from ret_from_fork+0x14/0x28

This warning is emitted when trying to toggle, at the highest level, some flow control (with serdev_device_set_flow_control) in a device driver. At the lowest level, the atmel_serial driver is using serial_mctrl_gpio lib to enable/disable the corresponding IRQs accordingly. The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to disable_irq (called in mctrl_gpio_disable_ms) being possibly called in some atomic context (some tty drivers perform modem lines configuration in regions protected by port lock).

Split mctrl_gpio_disable_ms into two differents APIs, a non-blocking one and a blocking one. Replace mctrl_gpio_disable_ms calls with the relevant version depending on whether the call is protected by some port lock.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-38040"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T10:15:36Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mctrl_gpio: split disable_ms into sync and no_sync APIs\n\nThe following splat has been observed on a SAMA5D27 platform using\natmel_serial:\n\nBUG: sleeping function called from invalid context at kernel/irq/manage.c:738\nin_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0\npreempt_count: 1, expected: 0\nINFO: lockdep is turned off.\nirq event stamp: 0\nhardirqs last  enabled at (0): [\u003c00000000\u003e] 0x0\nhardirqs last disabled at (0): [\u003cc01588f0\u003e] copy_process+0x1c4c/0x7bec\nsoftirqs last  enabled at (0): [\u003cc0158944\u003e] copy_process+0x1ca0/0x7bec\nsoftirqs last disabled at (0): [\u003c00000000\u003e] 0x0\nCPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74\nHardware name: Atmel SAMA5\nWorkqueue: hci0 hci_power_on [bluetooth]\nCall trace:\n  unwind_backtrace from show_stack+0x18/0x1c\n  show_stack from dump_stack_lvl+0x44/0x70\n  dump_stack_lvl from __might_resched+0x38c/0x598\n  __might_resched from disable_irq+0x1c/0x48\n  disable_irq from mctrl_gpio_disable_ms+0x74/0xc0\n  mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4\n  atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8\n  atmel_set_termios from uart_change_line_settings+0x15c/0x994\n  uart_change_line_settings from uart_set_termios+0x2b0/0x668\n  uart_set_termios from tty_set_termios+0x600/0x8ec\n  tty_set_termios from ttyport_set_flow_control+0x188/0x1e0\n  ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc]\n  wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth]\n  hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth]\n  hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth]\n  hci_power_on [bluetooth] from process_one_work+0x998/0x1a38\n  process_one_work from worker_thread+0x6e0/0xfb4\n  worker_thread from kthread+0x3d4/0x484\n  kthread from ret_from_fork+0x14/0x28\n\nThis warning is emitted when trying to toggle, at the highest level,\nsome flow control (with serdev_device_set_flow_control) in a device\ndriver. At the lowest level, the atmel_serial driver is using\nserial_mctrl_gpio lib to enable/disable the corresponding IRQs\naccordingly.  The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to\ndisable_irq (called in mctrl_gpio_disable_ms) being possibly called in\nsome atomic context (some tty drivers perform modem lines configuration\nin regions protected by port lock).\n\nSplit mctrl_gpio_disable_ms into two differents APIs, a non-blocking one\nand a blocking one. Replace mctrl_gpio_disable_ms calls with the\nrelevant version depending on whether the call is protected by some port\nlock.",
  "id": "GHSA-8pcr-p4fc-6g8c",
  "modified": "2025-06-18T12:30:32Z",
  "published": "2025-06-18T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38040"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1bd2aad57da95f7f2d2bb52f7ad15c0f4993a685"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68435c1fa3db696db4f480385db9e50e26691d0d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7187ec6b0b9ff22ebac2c3bb4178b7dbbdc0a55a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c504c11b94d6e4ad818ca5578dffa8ff29ad0f20"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e6a46719a2369eb5186d4f7e6c0478720ca1ec3d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.