CVE-2025-38496 Information
Description
In the Linux kernel, the following vulnerability has been resolved:
dm-bufio: fix sched in atomic context
If "try_verify_in_tasklet" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP is enabled for dm-bufio. However, when bufio tries to evict buffers, there is a chance to trigger scheduling in spin_lock_bh, and the following warning is hit:
BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745
in_atomic(): 1 irqs_disabled(): 0 non_block: 0 pid: 123 name: kworker/2:2
preempt_count: 201 expected: 0
RCU nest depth: 0 expected: 0
4 locks held by kworker/2:2/123:
0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache)….-0:0 at: process_one_work+0xe46/0x1970
1: ffffc90000d97d20 ((work_completion)(&dm_bufio_replacement_work))….-0:0 at: process_one_work+0x763/0x1970
2: ffffffff8555b528 (dm_bufio_clients_lock)….-3:3 at: do_global_cleanup+0x1ce/0x710
3: ffff88801d5820b8 (&c->spinlock)….-2:2 at: do_global_cleanup+0x2a5/0x710
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 305 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX 1996) BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
Workqueue: dm_bufio_cache do_global_cleanup
Call Trace:
That can be reproduced by:
veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb
SIZE=$(blockdev --getsz /dev/vda)
dmsetup create myverity -r --table "$SIZE verity 1 /dev/vda /dev/vdb 4096 4096 <data_blocks> 1 sha256 <root_hash>
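An added example, not part of the advisory or the kernel patch: a Python parser for the warning layout quoted above. It decodes preempt_count (printed in hex, so 201 is one BH-disable level plus one preempt-disable, which is what spin_lock_bh leaves) and flags reports that match this dm-bufio eviction path. The function names, the sample timestamps and the mainline non-RT preempt_count bit layout are assumptions of the example.

```python
import re

# Constructed sample: field layout follows the warning quoted in the description;
# the timestamps and the first line are invented for this example.
SAMPLE_LOG = """\
[   12.000001] EXT4-fs (vdc): mounted filesystem
[   97.412345] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745
[   97.412350] in_atomic(): 1 irqs_disabled(): 0 non_block: 0 pid: 123 name: kworker/2:2
[   97.412353] preempt_count: 201 expected: 0
[   97.412360] 4 locks held by kworker/2:2/123:
[   97.412371] 2: ffffffff8555b528 (dm_bufio_clients_lock) at: do_global_cleanup+0x1ce/0x710
[   97.412375] 3: ffff88801d5820b8 (&c->spinlock) at: do_global_cleanup+0x2a5/0x710
[   97.412390] Workqueue: dm_bufio_cache do_global_cleanup
"""

# Commas are optional so both the layout on this page and raw dmesg text parse.
HEAD = re.compile(r"BUG: sleeping function called from invalid context at (\S+):(\d+)")
STATE = re.compile(r"in_atomic\(\): (\d+),? irqs_disabled\(\): (\d+),? .*?pid: (\d+),? name: (\S+)")
PREEMPT = re.compile(r"preempt_count: ([0-9a-f]+),? expected:")
LOCK = re.compile(r"\d+: [0-9a-f]+ \((.+)\)\S* at: (\S+)")
WORKQUEUE = re.compile(r"Workqueue: (\S+)")

def parse_reports(text):
    """Return one dict per 'sleeping function called from invalid context' report."""
    reports, cur = [], None
    for line in text.splitlines():
        if m := HEAD.search(line):
            cur = {"file": m[1], "line": int(m[2]), "locks": [], "workqueue": None}
            reports.append(cur)
        elif cur is None:
            continue
        elif m := STATE.search(line):
            cur.update(in_atomic=int(m[1]), irqs_disabled=int(m[2]), pid=int(m[3]), comm=m[4])
        elif m := PREEMPT.search(line):
            count = int(m[1], 16)                      # the kernel prints this field in hex
            cur["preempt_depth"] = count & 0xFF        # bits 0-7: preempt_disable() nesting
            cur["bh_disabled"] = bool(count & 0xFF00)  # bits 8-15: softirq / BH-disable count
        elif m := LOCK.search(line):
            cur["locks"].append(m[1])
        elif m := WORKQUEUE.search(line):
            cur["workqueue"] = m[1]
    return reports

def is_dm_bufio_eviction(report):
    """True when a report has the shape quoted on this page (line number ignored)."""
    return (report["file"] == "drivers/md/dm-bufio.c"
            and report.get("bh_disabled", False)
            and "&c->spinlock" in report["locks"]
            and report["workqueue"] == "dm_bufio_cache")
```

The source line number is deliberately not part of the match, since it shifts between kernel versions; run parse_reports over saved dmesg or journal text and filter with is_dm_bufio_eviction.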
Reference
https://git.kernel.org/stable/c/3edfdb1d4ef81320dae0caa40bc24baf8c1bbb86
https://git.kernel.org/stable/c/469a39a33a9934af157299bf11c58f6e6cb53f85
https://git.kernel.org/stable/c/68860d1ade385eef9fcdbf6552f061283091fdb8
https://git.kernel.org/stable/c/b1bf1a782fdf5c482215c0c661b5da98b8e75773
Related CNNVD
CNNVD-202507-3447 (Published: 2025-07-28)