CVE-2023-53231
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/09/2025
Last modified:
15/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

erofs: Fix detection of atomic context

The current check for atomic context is not sufficient, as
z_erofs_decompressqueue_endio can be called under the RCU lock
from blk_mq_flush_plug_list(). See the stacktrace [1].

In such a case we should hand off the decompression work for async
processing rather than trying to do sync decompression in the current
context. The patch fixes the detection by checking for
rcu_read_lock_any_held() and, while at it, uses the more appropriate
!in_task() check instead of in_atomic().

Background: Historically erofs would always schedule a kworker for
decompression, which would incur the scheduling cost regardless of
the context. But z_erofs_decompressqueue_endio() may not always
be in atomic context and we could actually benefit from doing the
decompression in z_erofs_decompressqueue_endio() if we are in
thread context, for example when running with dm-verity.
This optimization was later added in patch [2], which has shown
improvement in performance benchmarks.

==============================================
[1] Problem stacktrace
[name:core&]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291
[name:core&]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi
[name:core&]preempt_count: 0, expected: 0
[name:core&]RCU nest depth: 1, expected: 0
CPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S W OE 6.1.25-android14-5-maybe-dirty-mainline #1
Hardware name: MT6897 (DT)
Call trace:
dump_backtrace+0x108/0x15c
show_stack+0x20/0x30
dump_stack_lvl+0x6c/0x8c
dump_stack+0x20/0x48
__might_resched+0x1fc/0x308
__might_sleep+0x50/0x88
mutex_lock+0x2c/0x110
z_erofs_decompress_queue+0x11c/0xc10
z_erofs_decompress_kickoff+0x110/0x1a4
z_erofs_decompressqueue_endio+0x154/0x180
bio_endio+0x1b0/0x1d8
__dm_io_complete+0x22c/0x280
clone_endio+0xe4/0x280
bio_endio+0x1b0/0x1d8
blk_update_request+0x138/0x3a4
blk_mq_plug_issue_direct+0xd4/0x19c
blk_mq_flush_plug_list+0x2b0/0x354
__blk_flush_plug+0x110/0x160
blk_finish_plug+0x30/0x4c
read_pages+0x2fc/0x370
page_cache_ra_unbounded+0xa4/0x23c
page_cache_ra_order+0x290/0x320
do_sync_mmap_readahead+0x108/0x2c0
filemap_fault+0x19c/0x52c
__do_fault+0xc4/0x114
handle_mm_fault+0x5b4/0x1168
do_page_fault+0x338/0x4b4
do_translation_fault+0x40/0x60
do_mem_abort+0x60/0xc8
el0_da+0x4c/0xe0
el0t_64_sync_handler+0xd4/0xfc
el0t_64_sync+0x1a0/0x1a4

[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/
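Why the old check misses the case in splat [1]: on a PREEMPT_RCU kernel, rcu_read_lock() does not touch preempt_count (it bumps the task's rcu_read_lock_nesting instead), so in_atomic() reports 0 even though the context cannot sleep; that is exactly the "in_atomic(): 0 ... RCU nest depth: 1" line in the splat. The user-space model below is an added example, not erofs or kernel code; it reproduces the preempt_count bit layout of include/linux/preempt.h as an assumption, models rcu_read_lock_any_held() simply as "an RCU read-side section is open", and contrasts the pre-fix decision (in_atomic() only, as the commit message describes it) with the post-fix decision (!in_task() || rcu_read_lock_any_held()) for the splat's context and two constructed contexts. Function names (old_must_defer, new_must_defer, ctx_from_splat, ctx_softirq, ctx_task) are the example's own.

```c
#include <stdbool.h>
#include <stdio.h>

/* preempt_count bit layout, reproduced from include/linux/preempt.h for the
 * model (assumed; this is not the kernel header itself). */
#define PREEMPT_BITS   8
#define SOFTIRQ_BITS   8
#define HARDIRQ_BITS   4
#define NMI_BITS       4
#define PREEMPT_SHIFT  0
#define SOFTIRQ_SHIFT  (PREEMPT_SHIFT + PREEMPT_BITS)
#define HARDIRQ_SHIFT  (SOFTIRQ_SHIFT + SOFTIRQ_BITS)
#define NMI_SHIFT      (HARDIRQ_SHIFT + HARDIRQ_BITS)
#define FIELD_MASK(bits, shift) (((1u << (bits)) - 1u) << (shift))
#define SOFTIRQ_MASK   FIELD_MASK(SOFTIRQ_BITS, SOFTIRQ_SHIFT)
#define HARDIRQ_MASK   FIELD_MASK(HARDIRQ_BITS, HARDIRQ_SHIFT)
#define NMI_MASK       FIELD_MASK(NMI_BITS, NMI_SHIFT)
#define SOFTIRQ_OFFSET (1u << SOFTIRQ_SHIFT)
#define HARDIRQ_OFFSET (1u << HARDIRQ_SHIFT)
#define PREEMPT_NEED_RESCHED 0x80000000u

/* Model of the two pieces of state the splat prints. */
struct ctx {
    unsigned int preempt_count;  /* what preempt_count() would return */
    int rcu_read_lock_nesting;   /* current->rcu_read_lock_nesting (PREEMPT_RCU) */
};

/* in_atomic(): any preempt_count bit except NEED_RESCHED is set. */
static bool m_in_atomic(struct ctx c)
{
    return (c.preempt_count & ~PREEMPT_NEED_RESCHED) != 0;
}

/* in_task(): not in NMI, hardirq or softirq-serving context. */
static bool m_in_task(struct ctx c)
{
    return (c.preempt_count & (NMI_MASK | HARDIRQ_MASK | SOFTIRQ_OFFSET)) == 0;
}

/* Simplified rcu_read_lock_any_held(): an RCU read-side section is open. */
static bool m_rcu_read_lock_any_held(struct ctx c)
{
    return c.rcu_read_lock_nesting > 0;
}

/* Pre-fix decision as the commit message describes it: in_atomic() only. */
static bool old_must_defer(struct ctx c)
{
    return m_in_atomic(c);
}

/* Post-fix decision: !in_task() or an RCU read-side section held. */
static bool new_must_defer(struct ctx c)
{
    return !m_in_task(c) || m_rcu_read_lock_any_held(c);
}

/* The context from splat [1]: in_atomic(): 0, RCU nest depth: 1. */
static struct ctx ctx_from_splat(void)
{
    struct ctx c = { .preempt_count = 0, .rcu_read_lock_nesting = 1 };
    return c;
}

/* Constructed: a bio completing while a softirq is being served. */
static struct ctx ctx_softirq(void)
{
    struct ctx c = { .preempt_count = SOFTIRQ_OFFSET, .rcu_read_lock_nesting = 0 };
    return c;
}

/* Constructed: plain task context, e.g. a dm-verity kworker. */
static struct ctx ctx_task(void)
{
    struct ctx c = { .preempt_count = 0, .rcu_read_lock_nesting = 0 };
    return c;
}

static void report(const char *name, struct ctx c)
{
    printf("%-18s old: %-5s new: %s\n", name,
           old_must_defer(c) ? "defer" : "sync",
           new_must_defer(c) ? "defer" : "sync");
}

int main(void)
{
    report("splat [1] (rcu)", ctx_from_splat()); /* old: sync   new: defer */
    report("softirq", ctx_softirq());            /* old: defer  new: defer */
    report("task (dm-verity)", ctx_task());      /* old: sync   new: sync  */
    return 0;
}
```

The first row is the bug: the old check picks synchronous decompression inside the RCU read-side section reached via blk_mq_flush_plug_list(), and z_erofs_decompress_queue() then takes a mutex from a non-sleepable context, which is the "sleeping function called from invalid context" report. The third row is the optimization from [2] that the fix preserves: a genuine task context still decompresses inline.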