CVE-2025-38359

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> s390/mm: Fix in_atomic() handling in do_secure_storage_access()<br /> <br /> Kernel user spaces accesses to not exported pages in atomic context<br /> incorrectly try to resolve the page fault.<br /> With debug options enabled call traces like this can be seen:<br /> <br /> BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523<br /> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39<br /> preempt_count: 1, expected: 0<br /> RCU nest depth: 0, expected: 0<br /> INFO: lockdep is turned off.<br /> Preemption disabled at:<br /> [] copy_page_from_iter_atomic+0xa2/0x8a0<br /> CPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39<br /> Tainted: G W 6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT<br /> Tainted: [W]=WARN<br /> Hardware name: IBM 3931 A01 703 (LPAR)<br /> Call Trace:<br /> [] dump_stack_lvl+0xa2/0xe8<br /> [] __might_resched+0x292/0x2d0<br /> [] down_read+0x34/0x2d0<br /> [] do_secure_storage_access+0x108/0x360<br /> [] __do_pgm_check+0x130/0x220<br /> [] pgm_check_handler+0x114/0x160<br /> [] copy_page_from_iter_atomic+0x128/0x8a0<br /> ([] copy_page_from_iter_atomic+0x116/0x8a0)<br /> [] generic_perform_write+0x16e/0x310<br /> [] ext4_buffered_write_iter+0x84/0x160<br /> [] vfs_write+0x1c4/0x460<br /> [] ksys_write+0x7c/0x100<br /> [] __do_syscall+0x15e/0x280<br /> [] system_call+0x6e/0x90<br /> INFO: lockdep is turned off.<br /> <br /> It is not allowed to take the mmap_lock while in atomic context. Therefore<br /> handle such a secure storage access fault as if the accessed page is not<br /> mapped: the uaccess function will return -EFAULT, and the caller has to<br /> deal with this. Usually this means that the access is retried in process<br /> context, which allows to resolve the page fault (or in this case export the<br /> page).