We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38496

dm-bufio: fix sched in atomic context



Description

In the Linux kernel, the following vulnerability has been resolved: dm-bufio: fix sched in atomic context If "try_verify_in_tasklet" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP is enabled for dm-bufio. However, when bufio tries to evict buffers, there is a chance to trigger scheduling in spin_lock_bh, the following warning is hit: BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2 preempt_count: 201, expected: 0 RCU nest depth: 0, expected: 0 4 locks held by kworker/2:2/123: #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970 #1: ffffc90000d97d20 ((work_completion)(&dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970 #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710 #3: ffff88801d5820b8 (&c->spinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 Workqueue: dm_bufio_cache do_global_cleanup Call Trace: <TASK> dump_stack_lvl+0x53/0x70 __might_resched+0x360/0x4e0 do_global_cleanup+0x2f5/0x710 process_one_work+0x7db/0x1970 worker_thread+0x518/0xea0 kthread+0x359/0x690 ret_from_fork+0xf3/0x1b0 ret_from_fork_asm+0x1a/0x30 </TASK> That can be reproduced by: veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb SIZE=$(blockdev --getsz /dev/vda) dmsetup create myverity -r --table "0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 <data_blocks> 1 sha256 <root_hash> <salt> 1 try_verify_in_tasklet" mount /dev/dm-0 /mnt -o ro echo 102400 > /sys/module/dm_bufio/parameters/max_cache_size_bytes [read files in /mnt]

Reserved 2025-04-16 | Published 2025-07-28 | Updated 2025-07-28 | Assigner Linux

Product status

Default status
unaffected

450e8dee51aa6fa1dd0f64073e88235f1a77b035 before 469a39a33a9934af157299bf11c58f6e6cb53f85
affected

450e8dee51aa6fa1dd0f64073e88235f1a77b035 before 68860d1ade385eef9fcdbf6552f061283091fdb8
affected

450e8dee51aa6fa1dd0f64073e88235f1a77b035 before 3edfdb1d4ef81320dae0caa40bc24baf8c1bbb86
affected

450e8dee51aa6fa1dd0f64073e88235f1a77b035 before b1bf1a782fdf5c482215c0c661b5da98b8e75773
affected

Default status
affected

6.4
affected

Any version before 6.4
unaffected

6.6.100
unaffected

6.12.40
unaffected

6.15.8
unaffected

6.16
unaffected

References

git.kernel.org/...c/469a39a33a9934af157299bf11c58f6e6cb53f85

git.kernel.org/...c/68860d1ade385eef9fcdbf6552f061283091fdb8

git.kernel.org/...c/3edfdb1d4ef81320dae0caa40bc24baf8c1bbb86

git.kernel.org/...c/b1bf1a782fdf5c482215c0c661b5da98b8e75773

cve.org (CVE-2025-38496)

nvd.nist.gov (CVE-2025-38496)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38496

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.