ghsa-jgfw-fjpj-4wm9
Vulnerability from github
Published
2025-05-02 18:31
Modified
2025-05-02 18:31
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: xilinx: don't make a sleepable memory allocation from an atomic context

The following issue was discovered using lockdep: [ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0 [ 6.702431] 2 locks held by swapper/0/1: [ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90 [ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140 [ 6.723156] irq event stamp: 304030 [ 6.726596] hardirqs last enabled at (304029): [] _raw_spin_unlock_irqrestore+0xc0/0xd0 [ 6.736142] hardirqs last disabled at (304030): [] clk_enable_lock+0xfc/0x140 [ 6.744742] softirqs last enabled at (303958): [] _stext+0x4f0/0x894 [ 6.752655] softirqs last disabled at (303951): [] irq_exit+0x238/0x280 [ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2 [ 6.768048] Hardware name: xlnx,zynqmp (DT) [ 6.772179] Call trace: [ 6.774584] dump_backtrace+0x0/0x300 [ 6.778197] show_stack+0x18/0x30 [ 6.781465] dump_stack_lvl+0xb8/0xec [ 6.785077] dump_stack+0x1c/0x38 [ 6.788345] mightsleep+0x1a8/0x2a0 [ 6.792129] might_sleep+0x6c/0xd0 [ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0 [ 6.800127] do_feature_check_call+0x100/0x220 [ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0 [ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0 [ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120 [ 6.817327] zynqmp_pll_enable+0x38/0xc0 [ 6.821197] clk_core_enable+0x144/0x400 [ 6.825067] clk_core_enable+0xd4/0x400 [ 6.828851] clk_core_enable+0xd4/0x400 [ 6.832635] clk_core_enable+0xd4/0x400 [ 6.836419] clk_core_enable+0xd4/0x400 [ 6.840203] clk_core_enable+0xd4/0x400 [ 6.843987] clk_core_enable+0xd4/0x400 [ 6.847771] clk_core_enable+0xd4/0x400 [ 6.851555] clk_core_enable_lock+0x24/0x50 [ 6.855683] clk_enable+0x24/0x40 [ 6.858952] fclk_probe+0x84/0xf0 [ 6.862220] platform_probe+0x8c/0x110 [ 6.865918] really_probe+0x110/0x5f0 [ 6.869530] __driver_probe_device+0xcc/0x210 [ 6.873830] driver_probe_device+0x64/0x140 [ 6.877958] __driver_attach+0x114/0x1f0 [ 6.881828] bus_for_each_dev+0xe8/0x160 [ 6.885698] driver_attach+0x34/0x50 [ 6.889224] bus_add_driver+0x228/0x300 [ 6.893008] driver_register+0xc0/0x1e0 [ 6.896792] __platform_driver_register+0x44/0x60 [ 6.901436] fclk_driver_init+0x1c/0x28 [ 6.905220] do_one_initcall+0x104/0x590 [ 6.909091] kernel_init_freeable+0x254/0x2bc [ 6.913390] kernel_init+0x24/0x130 [ 6.916831] ret_from_fork+0x10/0x20

Fix it by passing the GFP_ATOMIC gfp flag for the corresponding memory allocation.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53099"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:28Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: xilinx: don\u0027t make a sleepable memory allocation from an atomic context\n\nThe following issue was discovered using lockdep:\n[    6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209\n[    6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[    6.702431] 2 locks held by swapper/0/1:\n[    6.706300]  #0: ffffff8800f6f188 (\u0026dev-\u003emutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90\n[    6.714900]  #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140\n[    6.723156] irq event stamp: 304030\n[    6.726596] hardirqs last  enabled at (304029): [\u003cffffffc008d17ee0\u003e] _raw_spin_unlock_irqrestore+0xc0/0xd0\n[    6.736142] hardirqs last disabled at (304030): [\u003cffffffc00876bc5c\u003e] clk_enable_lock+0xfc/0x140\n[    6.744742] softirqs last  enabled at (303958): [\u003cffffffc0080904f0\u003e] _stext+0x4f0/0x894\n[    6.752655] softirqs last disabled at (303951): [\u003cffffffc0080e53b8\u003e] irq_exit+0x238/0x280\n[    6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G     U            5.15.36 #2\n[    6.768048] Hardware name: xlnx,zynqmp (DT)\n[    6.772179] Call trace:\n[    6.774584]  dump_backtrace+0x0/0x300\n[    6.778197]  show_stack+0x18/0x30\n[    6.781465]  dump_stack_lvl+0xb8/0xec\n[    6.785077]  dump_stack+0x1c/0x38\n[    6.788345]  ___might_sleep+0x1a8/0x2a0\n[    6.792129]  __might_sleep+0x6c/0xd0\n[    6.795655]  kmem_cache_alloc_trace+0x270/0x3d0\n[    6.800127]  do_feature_check_call+0x100/0x220\n[    6.804513]  zynqmp_pm_invoke_fn+0x8c/0xb0\n[    6.808555]  zynqmp_pm_clock_getstate+0x90/0xe0\n[    6.813027]  zynqmp_pll_is_enabled+0x8c/0x120\n[    6.817327]  zynqmp_pll_enable+0x38/0xc0\n[    6.821197]  clk_core_enable+0x144/0x400\n[    6.825067]  clk_core_enable+0xd4/0x400\n[    6.828851]  clk_core_enable+0xd4/0x400\n[    6.832635]  clk_core_enable+0xd4/0x400\n[    6.836419]  clk_core_enable+0xd4/0x400\n[    6.840203]  clk_core_enable+0xd4/0x400\n[    6.843987]  clk_core_enable+0xd4/0x400\n[    6.847771]  clk_core_enable+0xd4/0x400\n[    6.851555]  clk_core_enable_lock+0x24/0x50\n[    6.855683]  clk_enable+0x24/0x40\n[    6.858952]  fclk_probe+0x84/0xf0\n[    6.862220]  platform_probe+0x8c/0x110\n[    6.865918]  really_probe+0x110/0x5f0\n[    6.869530]  __driver_probe_device+0xcc/0x210\n[    6.873830]  driver_probe_device+0x64/0x140\n[    6.877958]  __driver_attach+0x114/0x1f0\n[    6.881828]  bus_for_each_dev+0xe8/0x160\n[    6.885698]  driver_attach+0x34/0x50\n[    6.889224]  bus_add_driver+0x228/0x300\n[    6.893008]  driver_register+0xc0/0x1e0\n[    6.896792]  __platform_driver_register+0x44/0x60\n[    6.901436]  fclk_driver_init+0x1c/0x28\n[    6.905220]  do_one_initcall+0x104/0x590\n[    6.909091]  kernel_init_freeable+0x254/0x2bc\n[    6.913390]  kernel_init+0x24/0x130\n[    6.916831]  ret_from_fork+0x10/0x20\n\nFix it by passing the GFP_ATOMIC gfp flag for the corresponding\nmemory allocation.",
  "id": "GHSA-jgfw-fjpj-4wm9",
  "modified": "2025-05-02T18:31:36Z",
  "published": "2025-05-02T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53099"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/162049c31eb64308afa22e341a257a723526eb5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38ed310c22e7a0fc978b1f8292136a4a4a8b3051"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86afb633beaa02ee95b5126a14c9f22cfade4fd9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bbab2843f2d1337a268499a1c02b435d2985a17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b37d3ccbd549494890672136a0e623eb010d46a7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.