{ "threat_severity" : "Low", "public_date" : "2025-10-22T00:00:00Z", "bugzilla" : { "description" : "kernel: blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost", "id" : "2405738", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405738" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-833", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n================================\nWARNING: inconsistent lock state\n5.10.0-02758-g8e5f91fd772f #26 Not tainted\n--------------------------------\ninconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.\nkworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\nffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: spin_lock_irq\nffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n{IN-HARDIRQ-W} state was registered at:\n__lock_acquire+0x3d7/0x1070\nlock_acquire+0x197/0x4a0\n__raw_spin_lock_irqsave\n_raw_spin_lock_irqsave+0x3b/0x60\nbfq_idle_slice_timer_body\nbfq_idle_slice_timer+0x53/0x1d0\n__run_hrtimer+0x477/0xa70\n__hrtimer_run_queues+0x1c6/0x2d0\nhrtimer_interrupt+0x302/0x9e0\nlocal_apic_timer_interrupt\n__sysvec_apic_timer_interrupt+0xfd/0x420\nrun_sysvec_on_irqstack_cond\nsysvec_apic_timer_interrupt+0x46/0xa0\nasm_sysvec_apic_timer_interrupt+0x12/0x20\nirq event stamp: 837522\nhardirqs last enabled at (837521): [] __raw_spin_unlock_irqrestore\nhardirqs last enabled at (837521): [] _raw_spin_unlock_irqrestore+0x3d/0x40\nhardirqs last disabled at (837522): [] __raw_spin_lock_irq\nhardirqs last disabled at (837522): [] _raw_spin_lock_irq+0x43/0x50\nsoftirqs last enabled at (835852): [] __do_softirq+0x558/0x8ec\nsoftirqs last disabled at (835845): [] asm_call_irq_on_stack+0xf/0x20\nother info that might help us debug this:\nPossible unsafe locking scenario:\nCPU0\n----\nlock(&bfqd->lock);\n\nlock(&bfqd->lock);\n*** DEADLOCK ***\n3 locks held by kworker/2:3/388:\n#0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n#1: ffff8881176bfdd8 ((work_completion)(&td->dispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n#2: ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: spin_lock_irq\n#2: ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\nstack backtrace:\nCPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nWorkqueue: kthrotld blk_throtl_dispatch_work_fn\nCall Trace:\n__dump_stack lib/dump_stack.c:77 [inline]\ndump_stack+0x107/0x167\nprint_usage_bug\nvalid_state\nmark_lock_irq.cold+0x32/0x3a\nmark_lock+0x693/0xbc0\nmark_held_locks+0x9e/0xe0\n__trace_hardirqs_on_caller\nlockdep_hardirqs_on_prepare.part.0+0x151/0x360\ntrace_hardirqs_on+0x5b/0x180\n__raw_spin_unlock_irq\n_raw_spin_unlock_irq+0x24/0x40\nspin_unlock_irq\nadjust_inuse_and_calc_cost+0x4fb/0x970\nioc_rqos_merge+0x277/0x740\n__rq_qos_merge+0x62/0xb0\nrq_qos_merge\nbio_attempt_back_merge+0x12c/0x4a0\nblk_mq_sched_try_merge+0x1b6/0x4d0\nbfq_bio_merge+0x24a/0x390\n__blk_mq_sched_bio_merge+0xa6/0x460\nblk_mq_sched_bio_merge\nblk_mq_submit_bio+0x2e7/0x1ee0\n__submit_bio_noacct_mq+0x175/0x3b0\nsubmit_bio_noacct+0x1fb/0x270\nblk_throtl_dispatch_work_fn+0x1ef/0x2b0\nprocess_one_work+0x83e/0x13f0\nprocess_scheduled_works\nworker_thread+0x7e3/0xd80\nkthread+0x353/0x470\nret_from_fork+0x1f/0x30" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53730\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53730\nhttps://lore.kernel.org/linux-cve-announce/2025102216-CVE-2023-53730-d257@gregkh/T" ], "name" : "CVE-2023-53730", "csaw" : false }