Description
In the Linux kernel, the following vulnerability has been resolved:

selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()

The following warning was triggered on a hardware environment:

  SELinux: Converting 162 SID table entries...
  BUG: sleeping function called from invalid context at __might_sleep+0x60/0x74 0x0
  in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 5943, name: tar
  CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1
  Call trace:
   dump_backtrace+0x0/0x1c8
   show_stack+0x18/0x28
   dump_stack+0xe8/0x15c
   ___might_sleep+0x168/0x17c
   __might_sleep+0x60/0x74
   __kmalloc_track_caller+0xa0/0x7dc
   kstrdup+0x54/0xac
   convert_context+0x48/0x2e4
   sidtab_context_to_sid+0x1c4/0x36c
   security_context_to_sid_core+0x168/0x238
   security_context_to_sid_default+0x14/0x24
   inode_doinit_use_xattr+0x164/0x1e4
   inode_doinit_with_dentry+0x1c0/0x488
   selinux_d_instantiate+0x20/0x34
   security_d_instantiate+0x70/0xbc
   d_splice_alias+0x4c/0x3c0
   ext4_lookup+0x1d8/0x200 [ext4]
   __lookup_slow+0x12c/0x1e4
   walk_component+0x100/0x200
   path_lookupat+0x88/0x118
   filename_lookup+0x98/0x130
   user_path_at_empty+0x48/0x60
   vfs_statx+0x84/0x140
   vfs_fstatat+0x20/0x30
   __se_sys_newfstatat+0x30/0x74
   __arm64_sys_newfstatat+0x1c/0x2c
   el0_svc_common.constprop.0+0x100/0x184
   do_el0_svc+0x1c/0x2c
   el0_svc+0x20/0x34
   el0_sync_handler+0x80/0x17c
   el0_sync+0x13c/0x140
  SELinux: Context system_u:object_r:pssp_rsyslog_log_t:s0:c0 is not valid (left unmapped).

It was found that within a critical section of spin_lock_irqsave in sidtab_context_to_sid(), convert_context() (hooked by sidtab_convert_params.func) might cause the process to sleep via allocating memory with GFP_KERNEL, which is problematic.

As Ondrej pointed out [1], convert_context()/sidtab_convert_params.func has another caller sidtab_convert_tree(), which is okay with GFP_KERNEL. Therefore, fix this problem by adding a gfp_t argument for convert_context()/sidtab_convert_params.func and pass GFP_KERNEL/_ATOMIC properly in individual callers.

[PM: wrap long BUG() output lines, tweak subject line]
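
The locking problem and the fix described above, as an added example that is not the kernel patch or code from this record: a userspace C model in which every model_* name, the MODEL_GFP_* values and the sample context string are assumptions made for illustration. It counts how often a sleeping allocation is requested while the modelled lock is held, for the callback before and after it takes an allocation-mode argument.

```c
/* Userspace model only; all model_* / MODEL_* names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { MODEL_GFP_ATOMIC, MODEL_GFP_KERNEL } model_gfp_t;
typedef char *(*model_convert_fn)(const char *, model_gfp_t);

static bool model_lock_held;   /* stands in for holding spin_lock_irqsave() */
static int  model_sleep_bugs;  /* counts sleeping requests made in atomic context */

/* Stand-in for kstrdup(): only a MODEL_GFP_KERNEL allocation may sleep. */
static char *model_strdup(const char *s, model_gfp_t gfp)
{
    if (gfp == MODEL_GFP_KERNEL && model_lock_held)
        model_sleep_bugs++;    /* the condition the BUG line in the trace reports */
    char *copy = malloc(strlen(s) + 1);
    return copy ? strcpy(copy, s) : NULL;
}

/* Before the fix: the callback always asks for a sleeping allocation. */
static char *model_convert_before(const char *ctx, model_gfp_t ignored)
{
    (void)ignored;
    return model_strdup(ctx, MODEL_GFP_KERNEL);
}

/* After the fix: the caller passes the mode that is safe where it runs. */
static char *model_convert_after(const char *ctx, model_gfp_t gfp)
{
    return model_strdup(ctx, gfp);
}

/* Runs one conversion, inside the locked section if 'locked' is set, and
 * returns how many sleep-in-atomic violations it caused. */
static int model_run(model_convert_fn fn, bool locked, model_gfp_t gfp)
{
    model_sleep_bugs = 0;
    model_lock_held = locked;
    free(fn("system_u:object_r:example_t:s0", gfp)); /* constructed context */
    model_lock_held = false;
    return model_sleep_bugs;
}

int main(void)
{
    printf("before, locked caller: %d\n", model_run(model_convert_before, true, MODEL_GFP_ATOMIC));
    printf("after, locked caller:  %d\n", model_run(model_convert_after, true, MODEL_GFP_ATOMIC));
    printf("after, tree caller:    %d\n", model_run(model_convert_after, false, MODEL_GFP_KERNEL));
    return 0;
}
```

The last call models the sidtab_convert_tree() path, which runs outside the lock and can keep using the sleeping allocation mode.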
Product status
ee1a84fdfeedfd7362e9a8a8f15fedc3482ade2d (git) before 2723875e9d677401d775a03a72abab7e9538c20c
ee1a84fdfeedfd7362e9a8a8f15fedc3482ade2d (git) before 3006766d247bc93a25b34e92fff2f75bda597e2e
ee1a84fdfeedfd7362e9a8a8f15fedc3482ade2d (git) before 277378631d26477451424cc73982b977961f3d8b
ee1a84fdfeedfd7362e9a8a8f15fedc3482ade2d (git) before abe3c631447dcd1ba7af972fe6f054bee6f136fa
5.0
Any version before 5.0
5.10.152 (semver)
5.15.76 (semver)
6.0.6 (semver)
6.1 (original_commit_for_fix)
References
git.kernel.org/...c/2723875e9d677401d775a03a72abab7e9538c20c
git.kernel.org/...c/3006766d247bc93a25b34e92fff2f75bda597e2e
git.kernel.org/...c/277378631d26477451424cc73982b977961f3d8b
git.kernel.org/...c/abe3c631447dcd1ba7af972fe6f054bee6f136fa
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.