CVE-2026-23168

Summary

In the Linux kernel, the following vulnerability has been resolved:

flex_proportions: make fprop_new_period() hardirq safe

Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race:

<timer fires> run_timer_softirq - we are in softirq context call_timer_fn writeout_period fprop_new_period write_seqcount_begin(&p->sequence);

    &lt;hardirq is raised&gt;
    ...
    blk_mq_end_request()
  blk_update_request()
    ext4_end_bio()
      folio_end_writeback()
	__wb_writeout_add()
	  __fprop_add_percpu_max()
	    if (unlikely(max_frac &lt; FPROP_FRAC_BASE)) {
	      fprop_fraction_percpu()
		seq = read_seqcount_begin(&amp;p-&gt;sequence);
		  - sees odd sequence so loops indefinitely

Note that a deadlock like this is only possible if the bdi has configured maximum fraction of writeout throughput which is very rare in general but frequent for example for FUSE bdis. To fix this problem we have to make sure write section of the sequence counter is irqsafe.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa91befde350375b1ff954635acdde14dc92cd9a8 < 0acc9ba7a1b5ba4d998c5753e709be904e179b75affected
LinuxLinuxa91befde350375b1ff954635acdde14dc92cd9a8 < 884b2590ffcc7222cbbd6298051f4c243cc36f5daffected
LinuxLinuxa91befde350375b1ff954635acdde14dc92cd9a8 < 78ede9ebd679dadf480dce6f7b798e3603f88348affected
LinuxLinuxa91befde350375b1ff954635acdde14dc92cd9a8 < b91a84299d72ae0e05551e851e47cd3008bd025baffected
LinuxLinuxa91befde350375b1ff954635acdde14dc92cd9a8 < dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eaccaffected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.123 <= 6.6.*unaffected
LinuxLinux6.12.69 <= 6.12.*unaffected
LinuxLinux6.18.9 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References