{
  "schema_version": "1.4.0",
  "id": "GHSA-72rq-7p7f-9f9j",
  "modified": "2025-09-15T15:31:29Z",
  "published": "2025-09-15T15:31:29Z",
  "aliases": [
    "CVE-2023-53231"
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: Fix detection of atomic context\n\nCurrent check for atomic context is not sufficient as\nz_erofs_decompressqueue_endio can be called under rcu lock\nfrom blk_mq_flush_plug_list(). See the stacktrace [1]\n\nIn such case we should hand off the decompression work for async\nprocessing rather than trying to do sync decompression in current\ncontext. Patch fixes the detection by checking for\nrcu_read_lock_any_held() and while at it use more appropriate\n!in_task() check than in_atomic().\n\nBackground: Historically erofs would always schedule a kworker for\ndecompression which would incur the scheduling cost regardless of\nthe context. But z_erofs_decompressqueue_endio() may not always\nbe in atomic context and we could actually benefit from doing the\ndecompression in z_erofs_decompressqueue_endio() if we are in\nthread context, for example when running with dm-verity.\nThis optimization was later added in patch [2] which has shown\nimprovement in performance benchmarks.\n\n==============================================\n[1] Problem stacktrace\n[name:core&]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291\n[name:core&]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi\n[name:core&]preempt_count: 0, expected: 0\n[name:core&]RCU nest depth: 1, expected: 0\nCPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S      W  OE      6.1.25-android14-5-maybe-dirty-mainline #1\nHardware name: MT6897 (DT)\nCall trace:\n dump_backtrace+0x108/0x15c\n show_stack+0x20/0x30\n dump_stack_lvl+0x6c/0x8c\n dump_stack+0x20/0x48\n __might_resched+0x1fc/0x308\n __might_sleep+0x50/0x88\n mutex_lock+0x2c/0x110\n z_erofs_decompress_queue+0x11c/0xc10\n z_erofs_decompress_kickoff+0x110/0x1a4\n z_erofs_decompressqueue_endio+0x154/0x180\n bio_endio+0x1b0/0x1d8\n __dm_io_complete+0x22c/0x280\n clone_endio+0xe4/0x280\n bio_endio+0x1b0/0x1d8\n blk_update_request+0x138/0x3a4\n blk_mq_plug_issue_direct+0xd4/0x19c\n blk_mq_flush_plug_list+0x2b0/0x354\n __blk_flush_plug+0x110/0x160\n blk_finish_plug+0x30/0x4c\n read_pages+0x2fc/0x370\n page_cache_ra_unbounded+0xa4/0x23c\n page_cache_ra_order+0x290/0x320\n do_sync_mmap_readahead+0x108/0x2c0\n filemap_fault+0x19c/0x52c\n __do_fault+0xc4/0x114\n handle_mm_fault+0x5b4/0x1168\n do_page_fault+0x338/0x4b4\n do_translation_fault+0x40/0x60\n do_mem_abort+0x60/0xc8\n el0_da+0x4c/0xe0\n el0t_64_sync_handler+0xd4/0xfc\n el0t_64_sync+0x1a0/0x1a4\n\n[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53231"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12d0a24afd9ea58e581ea64d64e066f2027b28d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/597fb60c75132719687e173b75cab8f6eb1ca657"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": null,
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:50Z"
  }
}