FKIE_CVE-2023-53760
Vulnerability from fkie_nvd - Published: 2025-12-08 02:15 - Updated: 2025-12-08 18:26
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue
When ufshcd_err_handler() is executed, CQ event interrupt can enter waiting
for the same lock. This can happen in ufshcd_handle_mcq_cq_events() and
also in ufs_mtk_mcq_intr(). The following warning message will be generated
when &hwq->cq_lock is used in IRQ context with IRQ enabled. Use
ufshcd_mcq_poll_cqe_lock() with spin_lock_irqsave instead of spin_lock to
resolve the deadlock issue.
[name:lockdep&]WARNING: inconsistent lock state
[name:lockdep&]--------------------------------
[name:lockdep&]inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
[name:lockdep&]kworker/u16:4/260 [HC0[0]:SC0[0]:HE1:SE1] takes:
ffffff8028444600 (&hwq->cq_lock){?.-.}-{2:2}, at:
ufshcd_mcq_poll_cqe_lock+0x30/0xe0
[name:lockdep&]{IN-HARDIRQ-W} state was registered at:
lock_acquire+0x17c/0x33c
_raw_spin_lock+0x5c/0x7c
ufshcd_mcq_poll_cqe_lock+0x30/0xe0
ufs_mtk_mcq_intr+0x60/0x1bc [ufs_mediatek_mod]
__handle_irq_event_percpu+0x140/0x3ec
handle_irq_event+0x50/0xd8
handle_fasteoi_irq+0x148/0x2b0
generic_handle_domain_irq+0x4c/0x6c
gic_handle_irq+0x58/0x134
call_on_irq_stack+0x40/0x74
do_interrupt_handler+0x84/0xe4
el1_interrupt+0x3c/0x78
<snip>
Possible unsafe locking scenario:
CPU0
----
lock(&hwq->cq_lock);
<Interrupt>
lock(&hwq->cq_lock);
*** DEADLOCK ***
2 locks held by kworker/u16:4/260:
[name:lockdep&]
stack backtrace:
CPU: 7 PID: 260 Comm: kworker/u16:4 Tainted: G S W OE
6.1.17-mainline-android14-2-g277223301adb #1
Workqueue: ufs_eh_wq_0 ufshcd_err_handler
Call trace:
dump_backtrace+0x10c/0x160
show_stack+0x20/0x30
dump_stack_lvl+0x98/0xd8
dump_stack+0x20/0x60
print_usage_bug+0x584/0x76c
mark_lock_irq+0x488/0x510
mark_lock+0x1ec/0x25c
__lock_acquire+0x4d8/0xffc
lock_acquire+0x17c/0x33c
_raw_spin_lock+0x5c/0x7c
ufshcd_mcq_poll_cqe_lock+0x30/0xe0
ufshcd_poll+0x68/0x1b0
ufshcd_transfer_req_compl+0x9c/0xc8
ufshcd_err_handler+0x3bc/0xea0
process_one_work+0x2f4/0x7e8
worker_thread+0x234/0x450
kthread+0x110/0x134
ret_from_fork+0x10/0x20
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: mcq: Fix \u0026hwq-\u003ecq_lock deadlock issue\n\nWhen ufshcd_err_handler() is executed, CQ event interrupt can enter waiting\nfor the same lock. This can happen in ufshcd_handle_mcq_cq_events() and\nalso in ufs_mtk_mcq_intr(). The following warning message will be generated\nwhen \u0026hwq-\u003ecq_lock is used in IRQ context with IRQ enabled. Use\nufshcd_mcq_poll_cqe_lock() with spin_lock_irqsave instead of spin_lock to\nresolve the deadlock issue.\n\n[name:lockdep\u0026]WARNING: inconsistent lock state\n[name:lockdep\u0026]--------------------------------\n[name:lockdep\u0026]inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n[name:lockdep\u0026]kworker/u16:4/260 [HC0[0]:SC0[0]:HE1:SE1] takes:\n ffffff8028444600 (\u0026hwq-\u003ecq_lock){?.-.}-{2:2}, at:\nufshcd_mcq_poll_cqe_lock+0x30/0xe0\n[name:lockdep\u0026]{IN-HARDIRQ-W} state was registered at:\n lock_acquire+0x17c/0x33c\n _raw_spin_lock+0x5c/0x7c\n ufshcd_mcq_poll_cqe_lock+0x30/0xe0\n ufs_mtk_mcq_intr+0x60/0x1bc [ufs_mediatek_mod]\n __handle_irq_event_percpu+0x140/0x3ec\n handle_irq_event+0x50/0xd8\n handle_fasteoi_irq+0x148/0x2b0\n generic_handle_domain_irq+0x4c/0x6c\n gic_handle_irq+0x58/0x134\n call_on_irq_stack+0x40/0x74\n do_interrupt_handler+0x84/0xe4\n el1_interrupt+0x3c/0x78\n\u003csnip\u003e\n\nPossible unsafe locking scenario:\n CPU0\n ----\n lock(\u0026hwq-\u003ecq_lock);\n \u003cInterrupt\u003e\n lock(\u0026hwq-\u003ecq_lock);\n *** DEADLOCK ***\n2 locks held by kworker/u16:4/260:\n\n[name:lockdep\u0026]\n stack backtrace:\nCPU: 7 PID: 260 Comm: kworker/u16:4 Tainted: G S W OE\n6.1.17-mainline-android14-2-g277223301adb #1\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\n\n Call trace:\n dump_backtrace+0x10c/0x160\n show_stack+0x20/0x30\n dump_stack_lvl+0x98/0xd8\n dump_stack+0x20/0x60\n print_usage_bug+0x584/0x76c\n mark_lock_irq+0x488/0x510\n mark_lock+0x1ec/0x25c\n __lock_acquire+0x4d8/0xffc\n lock_acquire+0x17c/0x33c\n _raw_spin_lock+0x5c/0x7c\n ufshcd_mcq_poll_cqe_lock+0x30/0xe0\n ufshcd_poll+0x68/0x1b0\n ufshcd_transfer_req_compl+0x9c/0xc8\n ufshcd_err_handler+0x3bc/0xea0\n process_one_work+0x2f4/0x7e8\n worker_thread+0x234/0x450\n kthread+0x110/0x134\n ret_from_fork+0x10/0x20"
}
],
"id": "CVE-2023-53760",
"lastModified": "2025-12-08T18:26:19.900",
"metrics": {},
"published": "2025-12-08T02:15:51.783",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/2ce8c49c7b53e0a2258b833eeab16a6d78f732d1"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/948afc69615167a3c82430f99bfd046332b89912"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…