CVE-2025-38040

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> serial: mctrl_gpio: split disable_ms into sync and no_sync APIs<br /> <br /> The following splat has been observed on a SAMA5D27 platform using<br /> atmel_serial:<br /> <br /> BUG: sleeping function called from invalid context at kernel/irq/manage.c:738<br /> in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0<br /> preempt_count: 1, expected: 0<br /> INFO: lockdep is turned off.<br /> irq event stamp: 0<br /> hardirqs last enabled at (0): [] 0x0<br /> hardirqs last disabled at (0): [] copy_process+0x1c4c/0x7bec<br /> softirqs last enabled at (0): [] copy_process+0x1ca0/0x7bec<br /> softirqs last disabled at (0): [] 0x0<br /> CPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74<br /> Hardware name: Atmel SAMA5<br /> Workqueue: hci0 hci_power_on [bluetooth]<br /> Call trace:<br /> unwind_backtrace from show_stack+0x18/0x1c<br /> show_stack from dump_stack_lvl+0x44/0x70<br /> dump_stack_lvl from __might_resched+0x38c/0x598<br /> __might_resched from disable_irq+0x1c/0x48<br /> disable_irq from mctrl_gpio_disable_ms+0x74/0xc0<br /> mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4<br /> atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8<br /> atmel_set_termios from uart_change_line_settings+0x15c/0x994<br /> uart_change_line_settings from uart_set_termios+0x2b0/0x668<br /> uart_set_termios from tty_set_termios+0x600/0x8ec<br /> tty_set_termios from ttyport_set_flow_control+0x188/0x1e0<br /> ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc]<br /> wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth]<br /> hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth]<br /> hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth]<br /> hci_power_on [bluetooth] from process_one_work+0x998/0x1a38<br /> process_one_work from worker_thread+0x6e0/0xfb4<br /> worker_thread from kthread+0x3d4/0x484<br /> kthread from ret_from_fork+0x14/0x28<br /> <br /> This warning is emitted when trying to toggle, at the highest level,<br /> some flow control (with serdev_device_set_flow_control) in a device<br /> driver. At the lowest level, the atmel_serial driver is using<br /> serial_mctrl_gpio lib to enable/disable the corresponding IRQs<br /> accordingly. The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to<br /> disable_irq (called in mctrl_gpio_disable_ms) being possibly called in<br /> some atomic context (some tty drivers perform modem lines configuration<br /> in regions protected by port lock).<br /> <br /> Split mctrl_gpio_disable_ms into two differents APIs, a non-blocking one<br /> and a blocking one. Replace mctrl_gpio_disable_ms calls with the<br /> relevant version depending on whether the call is protected by some port<br /> lock.