{
  "threat_severity" : "Low",
  "public_date" : "2025-03-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt",
    "id" : "2355436",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2355436"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-667",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nocteontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt\nThe commit 4af1b64f80fb (\"octeontx2-pf: Fix lmtst ID used in aura\nfree\") uses the get/put_cpu() to protect the usage of percpu pointer\nin ->aura_freeptr() callback, but it also unnecessarily disable the\npreemption for the blockable memory allocation. The commit 87b93b678e95\n(\"octeontx2-pf: Avoid use of GFP_KERNEL in atomic context\") tried to\nfix these sleep inside atomic warnings. But it only fix the one for\nthe non-rt kernel. For the rt kernel, we still get the similar warnings\nlike below.\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0\npreempt_count: 1, expected: 0\nRCU nest depth: 0, expected: 0\n3 locks held by swapper/0/1:\n#0: ffff800009fc5fe8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x24/0x30\n#1: ffff000100c276c0 (&mbox->lock){+.+.}-{3:3}, at: otx2_init_hw_resources+0x8c/0x3a4\n#2: ffffffbfef6537e0 (&cpu_rcache->lock){+.+.}-{2:2}, at: alloc_iova_fast+0x1ac/0x2ac\nPreemption disabled at:\n[<ffff800008b1908c>] otx2_rq_aura_pool_init+0x14c/0x284\nCPU: 20 PID: 1 Comm: swapper/0 Tainted: G        W          6.2.0-rc3-rt1-yocto-preempt-rt #1\nHardware name: Marvell OcteonTX CN96XX board (DT)\nCall trace:\ndump_backtrace.part.0+0xe8/0xf4\nshow_stack+0x20/0x30\ndump_stack_lvl+0x9c/0xd8\ndump_stack+0x18/0x34\n__might_resched+0x188/0x224\nrt_spin_lock+0x64/0x110\nalloc_iova_fast+0x1ac/0x2ac\niommu_dma_alloc_iova+0xd4/0x110\n__iommu_dma_map+0x80/0x144\niommu_dma_map_page+0xe8/0x260\ndma_map_page_attrs+0xb4/0xc0\n__otx2_alloc_rbuf+0x90/0x150\notx2_rq_aura_pool_init+0x1c8/0x284\notx2_init_hw_resources+0xe4/0x3a4\notx2_open+0xf0/0x610\n__dev_open+0x104/0x224\n__dev_change_flags+0x1e4/0x274\ndev_change_flags+0x2c/0x7c\nic_open_devs+0x124/0x2f8\nip_auto_config+0x180/0x42c\ndo_one_initcall+0x90/0x4dc\ndo_basic_setup+0x10c/0x14c\nkernel_init_freeable+0x10c/0x13c\nkernel_init+0x2c/0x140\nret_from_fork+0x10/0x20\nOf course, we can shuffle the get/put_cpu() to only wrap the invocation\nof ->aura_freeptr() as what commit 87b93b678e95 does. But there are only\ntwo ->aura_freeptr() callbacks, otx2_aura_freeptr() and\ncn10k_aura_freeptr(). There is no usage of perpcu variable in the\notx2_aura_freeptr() at all, so the get/put_cpu() seems redundant to it.\nWe can move the get/put_cpu() into the corresponding callback which\nreally has the percpu variable usage and avoid the sprinkling of\nget/put_cpu() in several places." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53029\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53029\nhttps://lore.kernel.org/linux-cve-announce/2025032720-CVE-2023-53029-a670@gregkh/T" ],
  "name" : "CVE-2023-53029",
  "csaw" : false
}