Re: CVE-2025-40146: blk-mq: fix potential deadlock while nr_requests grown

From: Zheng Qixing

Date: Fri Nov 28 2025 - 23:01:46 EST

Sorry for resending this message.


Commit 28307d938fb2 ("percpu: make pcpu_alloc() aware of current gfp context") has fixed a reclaim recursion for scoped GFP_NOFS context by avoiding taking pcpu_alloc_mutex.

@@ -1569,6 +1569,12 @@ static void __percpu *pcpu_alloc(size_t size, size_t align, bool reserved,
     void __percpu *ptr;
     size_t bits, bit_align;

+    gfp = current_gfp_context(gfp);
+    /* whitelisted flags that can be passed to the backing allocators */
+    pcpu_gfp = gfp & (GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN);
+    is_atomic = (gfp & GFP_KERNEL) != GFP_KERNEL;
+    do_warn = !(gfp & __GFP_NOWARN);


Commit 9a5b183941b5 ("mm, percpu: do not consider sleepable allocations atomic") fixes premature allocation failures in certain scenarios. However, this change made it possible to acquire the pcpu_alloc_mutex under GFP_NOIO scope.

@@ -1745,7 +1745,7 @@ void __percpu *pcpu_alloc_noprof(size_t size, size_t align, bool reserved,
     gfp = current_gfp_context(gfp);
     /* whitelisted flags that can be passed to the backing allocators */
     pcpu_gfp = gfp & (GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN);
-    is_atomic = (gfp & GFP_KERNEL) != GFP_KERNEL;
+    is_atomic = !gfpflags_allow_blocking(gfp);
     do_warn = !(gfp & __GFP_NOWARN);


Here's the relevant commit timeline:

e3a2b3f931f5 ("blk-mq: allow changing of queue depth through sysfs")            v3.16-rc1

28307d938fb2 ("percpu: make pcpu_alloc() aware of current gfp context")         v5.7-rc5

9a5b183941b5 ("mm, percpu: do not consider sleepable allocations atomic")    v6.15-rc1

b86433721f46 ("blk-mq: fix potential deadlock while nr_requests grown")          v6.18-rc1


This means that in the Linux master branch, this deadlock issue *did not exist* during the version window from v5.7-rc5 to v6.15-rc1. After analyzing the LTS versions, I found that linux-5.7.y through linux-6.13.y should also not have this deadlock issue.

If you have any questions or concerns, please feel free to discuss further.


Best regards,

Qixing