CVE-2023-53730
Description
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
adjust_inuse_and_calc_cost() uses spin_lock_irq(), and IRQs will be enabled on unlock. A deadlock might happen if we have held other locks and disabled IRQs before invoking it.
Fix it by using spin_lock_irqsave() instead, which keeps the IRQ state on unlock consistent with what it was before.
================================
WARNING: inconsistent lock state
5.10.0-02758-g8e5f91fd772f #26 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:
ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: spin_lock_irq
ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390
{IN-HARDIRQ-W} state was registered at:
  __lock_acquire+0x3d7/0x1070
  lock_acquire+0x197/0x4a0
  __raw_spin_lock_irqsave
  _raw_spin_lock_irqsave+0x3b/0x60
  bfq_idle_slice_timer_body
  bfq_idle_slice_timer+0x53/0x1d0
  __run_hrtimer+0x477/0xa70
  __hrtimer_run_queues+0x1c6/0x2d0
  hrtimer_interrupt+0x302/0x9e0
  local_apic_timer_interrupt
  __sysvec_apic_timer_interrupt+0xfd/0x420
  run_sysvec_on_irqstack_cond
  sysvec_apic_timer_interrupt+0x46/0xa0
  asm_sysvec_apic_timer_interrupt+0x12/0x20
irq event stamp: 837522
hardirqs last enabled at (837521): [] __raw_spin_unlock_irqrestore
hardirqs last enabled at (837521): [] _raw_spin_unlock_irqrestore+0x3d/0x40
hardirqs last disabled at (837522): [] __raw_spin_lock_irq
hardirqs last disabled at (837522): [] _raw_spin_lock_irq+0x43/0x50
softirqs last enabled at (835852): [] __do_softirq+0x558/0x8ec
softirqs last disabled at (835845): [] asm_call_irq_on_stack+0xf/0x20

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&bfqd->lock);
  <Interrupt>
    lock(&bfqd->lock);

 *** DEADLOCK ***

3 locks held by kworker/2:3/388:
 #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0
 #1: ffff8881176bfdd8 ((work_completion)(&td->dispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0
 #2: ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: spin_lock_irq
 #2: ffff888118c00c28 (&bfqd->lock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390

stack backtrace:
CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: kthrotld blk_throtl_dispatch_work_fn
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x167
 print_usage_bug
 valid_state
 mark_lock_irq.cold+0x32/0x3a
 mark_lock+0x693/0xbc0
 mark_held_locks+0x9e/0xe0
 __trace_hardirqs_on_caller
 lockdep_hardirqs_on_prepare.part.0+0x151/0x360
 trace_hardirqs_on+0x5b/0x180
 __raw_spin_unlock_irq
 _raw_spin_unlock_irq+0x24/0x40
 spin_unlock_irq
 adjust_inuse_and_calc_cost+0x4fb/0x970
 ioc_rqos_merge+0x277/0x740
 __rq_qos_merge+0x62/0xb0
 rq_qos_merge
 bio_attempt_back_merge+0x12c/0x4a0
 blk_mq_sched_try_merge+0x1b6/0x4d0
 bfq_bio_merge+0x24a/0x390
 __blk_mq_sched_bio_merge+0xa6/0x460
 blk_mq_sched_bio_merge
 blk_mq_submit_bio+0x2e7/0x1ee0
 __submit_bio_noacct_mq+0x175/0x3b0
 submit_bio_noacct+0x1fb/0x270
 blk_throtl_dispatch_work_fn+0x1ef/0x2b0
 process_one_work+0x83e/0x13f0
 process_scheduled_works
 worker_thread+0x7e3/0xd80
 kthread+0x353/0x470
 ret_from_fork+0x1f/0x30
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A deadlock vulnerability exists in the Linux kernel's blk-iocost adjust_inuse_and_calc_cost function due to improper spin_lock usage.
Vulnerability Description
The vulnerability resides in the adjust_inuse_and_calc_cost function within the blk-iocost subsystem of the Linux kernel. The function acquires a spinlock with spin_lock_irq(), and the matching unlock unconditionally re-enables interrupts. This creates a lock state inconsistency when the function is called in a context where interrupts are already disabled, potentially leading to a deadlock.
Exploitation Scenario
The issue is triggered through the bfq_bio_merge path, as evidenced by a lockdep warning. An attacker would need local access to the system to trigger the code path, but no special privileges are required beyond being able to perform I/O operations that invoke the affected function. The vulnerability manifests as a kernel lockdep splat indicating an unsafe locking scenario.
Impact
If exploited, this vulnerability can cause a deadlock in the kernel, leading to a system hang or crash. This results in denial of service. The impact is local, but the attacker must be able to trigger the vulnerable code path.
Mitigation
The fix replaces spin_lock_irq() with spin_lock_irqsave(), which preserves the interrupt state across the lock acquisition. Patches have been applied to the stable kernel branches, as referenced in [1], [2], [3], and [4]. Users should update their kernels to include the fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
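The difference between the two lock variants named in the Mitigation text, as an added example that is neither kernel code nor taken from the fix commits: a userspace C model in which a single flag stands in for the CPU's interrupt-enable bit. The names model_lock, outer, inner and all helper functions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code: one flag stands in for the local CPU's
 * interrupt-enable bit, and each lock only records whether it is held. */
static bool irqs_enabled = true;
typedef struct { bool held; } model_lock;

static void lock_irq(model_lock *l)   { irqs_enabled = false; l->held = true; }
static void unlock_irq(model_lock *l) { l->held = false; irqs_enabled = true; } /* always enables */
static void lock_irqsave(model_lock *l, bool *flags)
{ *flags = irqs_enabled; irqs_enabled = false; l->held = true; }
static void unlock_irqrestore(model_lock *l, bool flags)
{ l->held = false; irqs_enabled = flags; }            /* puts back the saved state */

static model_lock outer; /* stands in for bfqd->lock, taken in bfq_bio_merge */
static model_lock inner; /* hypothetical name for the lock taken by the callee */

/* Callee as described before the fix: spin_lock_irq()/spin_unlock_irq(). */
static void callee_before_fix(void) { lock_irq(&inner); unlock_irq(&inner); }

/* Callee as described after the fix: spin_lock_irqsave()/irqrestore(). */
static void callee_after_fix(void)
{
    bool flags;
    lock_irqsave(&inner, &flags);
    unlock_irqrestore(&inner, flags);
}

/* Returns true when the callee hands control back with interrupts enabled
 * while the caller still holds the outer lock. A timer interrupt arriving in
 * that window and taking the same lock would spin forever on this CPU. */
static bool irq_window_while_outer_held(void (*callee)(void))
{
    irqs_enabled = true;
    lock_irq(&outer);              /* caller disables IRQs and takes its lock */
    callee();
    bool window = outer.held && irqs_enabled;
    unlock_irq(&outer);
    return window;
}

int main(void)
{
    printf("before fix: window=%d\n", irq_window_while_outer_held(callee_before_fix));
    printf("after fix:  window=%d\n", irq_window_while_outer_held(callee_after_fix));
    return 0;
}
```

The window reported for the pre-fix callee corresponds to the {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} transition in the lockdep report: bfq_idle_slice_timer takes the same lock from hard-IRQ context.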
Affected products
- Range: >= 5.10.0-02758-g8e5f91fd772f
Patches
- 8563b58a4360
- eb120c0aff5c
- 8ceeb3fc86a8
- 9279a1b74ad9
- 3376c4fe2db4
- 8d211554679d
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/3376c4fe2db4aea2dc721a27a999c41fdb45b54f (nvd)
- git.kernel.org/stable/c/8563b58a4360e648ce18f0e98a75a4be51667431 (nvd)
- git.kernel.org/stable/c/8ceeb3fc86a83700bb1585c189006080a47e8506 (nvd)
- git.kernel.org/stable/c/8d211554679d0b23702bd32ba04aeac0c1c4f660 (nvd)
- git.kernel.org/stable/c/9279a1b74ad98039d5d44d26b9e7a9cfe655b6d3 (nvd)
- git.kernel.org/stable/c/eb120c0aff5ceab9c9c46b87f302465bbf2bbaed (nvd)