{"id":"CVE-2023-54160","summary":"firmware: arm_sdei: Fix sleep from invalid context BUG","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_sdei: Fix sleep from invalid context BUG\n\nRunning a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra\ntriggers:\n\n  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n  in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0\n  preempt_count: 0, expected: 0\n  RCU nest depth: 0, expected: 0\n  3 locks held by cpuhp/0/24:\n    #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248\n    #1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248\n    #2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130\n  irq event stamp: 36\n  hardirqs last  enabled at (35): [\u003cffffda301e85b7bc\u003e] finish_task_switch+0xb4/0x2b0\n  hardirqs last disabled at (36): [\u003cffffda301e812fec\u003e] cpuhp_thread_fun+0x21c/0x248\n  softirqs last  enabled at (0): [\u003cffffda301e80b184\u003e] copy_process+0x63c/0x1ac0\n  softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n  CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...]\n  Hardware name: WIWYNN Mt.Jade Server [...]\n  Call trace:\n    dump_backtrace+0x114/0x120\n    show_stack+0x20/0x70\n    dump_stack_lvl+0x9c/0xd8\n    dump_stack+0x18/0x34\n    __might_resched+0x188/0x228\n    rt_spin_lock+0x70/0x120\n    sdei_cpuhp_up+0x3c/0x130\n    cpuhp_invoke_callback+0x250/0xf08\n    cpuhp_thread_fun+0x120/0x248\n    smpboot_thread_fn+0x280/0x320\n    kthread+0x130/0x140\n    ret_from_fork+0x10/0x20\n\nsdei_cpuhp_up() is called in the STARTING hotplug section,\nwhich runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry\ninstead to execute the cpuhp cb later, with preemption enabled.\n\nSDEI originally got its own cpuhp slot to allow interacting\nwith perf. It got superseded by pNMI and this early slot is not\nrelevant anymore. [1]\n\nSome SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the\ncalling CPU. It is checked that preemption is disabled for them.\n_ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'.\nPreemption is enabled in those threads, but their cpumask is limited\nto 1 CPU.\nMove 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb\ndon't trigger them.\n\nAlso add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call\nwhich acts on the calling CPU.\n\n[1]:\nhttps://lore.kernel.org/all/5813b8c5-ae3e-87fd-fccc-94c9cd08816d@arm.com/","modified":"2026-03-20T12:33:28.631643Z","published":"2025-12-24T13:07:08.883Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54160.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/18d5ea5b746120a3972e6c347ad9428228445327"},{"type":"WEB","url":"https://git.kernel.org/stable/c/48ac727ea4a3577eb1b4e24f807ba532c47930f9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/66caf22787714c925e755719c293aaf3cb0b873b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7d8f5ccc826b39e05ff252b1fccd808c7a0725e0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a8267bc8de736cae927165191b52fbc20d101dd1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d2c48b2387eb89e0bf2a2e06e30987cf410acad4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54160.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54160"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f92b5462a2f22d13a75dc663f7b2fac16a3e61cb"},{"fixed":"59842a9ba27d5390ae5bf3233a92cad3a26d495c"},{"fixed":"48ac727ea4a3577eb1b4e24f807ba532c47930f9"},{"fixed":"7d8f5ccc826b39e05ff252b1fccd808c7a0725e0"},{"fixed":"66caf22787714c925e755719c293aaf3cb0b873b"},{"fixed":"a8267bc8de736cae927165191b52fbc20d101dd1"},{"fixed":"18d5ea5b746120a3972e6c347ad9428228445327"},{"fixed":"d2c48b2387eb89e0bf2a2e06e30987cf410acad4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54160.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.16.0"},{"fixed":"4.19.284"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.244"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.181"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.113"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.30"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.3.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54160.json"}}],"schema_version":"1.7.5"}