CVE-2026-23050

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pNFS: Fix a deadlock when returning a delegation during open()<br /> <br /> Ben Coddington reports seeing a hang in the following stack trace:<br /> 0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415<br /> 1 [ffffd0b50e177548] schedule at ffffffff9ca05717<br /> 2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1<br /> 3 [ffffd0b50e177568] __wait_on_bit at ffffffff9ca05cfb<br /> 4 [ffffd0b50e1775c8] out_of_line_wait_on_bit at ffffffff9ca05ea5<br /> 5 [ffffd0b50e177618] pnfs_roc at ffffffffc154207b [nfsv4]<br /> 6 [ffffd0b50e1776b8] _nfs4_proc_delegreturn at ffffffffc1506586 [nfsv4]<br /> 7 [ffffd0b50e177788] nfs4_proc_delegreturn at ffffffffc1507480 [nfsv4]<br /> 8 [ffffd0b50e1777f8] nfs_do_return_delegation at ffffffffc1523e41 [nfsv4]<br /> 9 [ffffd0b50e177838] nfs_inode_set_delegation at ffffffffc1524a75 [nfsv4]<br /> 10 [ffffd0b50e177888] nfs4_process_delegation at ffffffffc14f41dd [nfsv4]<br /> 11 [ffffd0b50e1778a0] _nfs4_opendata_to_nfs4_state at ffffffffc1503edf [nfsv4]<br /> 12 [ffffd0b50e1778c0] _nfs4_open_and_get_state at ffffffffc1504e56 [nfsv4]<br /> 13 [ffffd0b50e177978] _nfs4_do_open at ffffffffc15051b8 [nfsv4]<br /> 14 [ffffd0b50e1779f8] nfs4_do_open at ffffffffc150559c [nfsv4]<br /> 15 [ffffd0b50e177a80] nfs4_atomic_open at ffffffffc15057fb [nfsv4]<br /> 16 [ffffd0b50e177ad0] nfs4_file_open at ffffffffc15219be [nfsv4]<br /> 17 [ffffd0b50e177b78] do_dentry_open at ffffffff9c09e6ea<br /> 18 [ffffd0b50e177ba8] vfs_open at ffffffff9c0a082e<br /> 19 [ffffd0b50e177bd0] dentry_open at ffffffff9c0a0935<br /> <br /> The issue is that the delegreturn is being asked to wait for a layout<br /> return that cannot complete because a state recovery was initiated. The<br /> state recovery cannot complete until the open() finishes processing the<br /> delegations it was given.<br /> <br /> The solution is to propagate the existing flags that indicate a<br /> non-blocking call to the function pnfs_roc(), so that it knows not to<br /> wait in this situation.