CVE-2025-38626
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
w/ "mode=lfs" mount option, generic/299 will cause system panic as below:
————[ cut here ]———— kernel BUG at fs/f2fs/segment.c:2835! Call Trace: <TASK> f2fs_allocate_data_block+0x6f4/0xc50 f2fs_map_blocks+0x970/0x1550 f2fs_iomap_begin+0xb2/0x1e0 iomap_iter+0x1d6/0x430 __iomap_dio_rw+0x208/0x9a0 f2fs_file_write_iter+0x6b3/0xfa0 aio_write+0x15d/0x2e0 io_submit_one+0x55e/0xab0 __x64_sys_io_submit+0xa5/0x230 do_syscall_64+0x84/0x2f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0010:new_curseg+0x70f/0x720
The root cause of we run out-of-space is: in f2fs_map_blocks(), f2fs may trigger foreground gc only if it allocates any physical block, it will be a little bit later when there is multiple threads writing data w/ aio/dio/bufio method in parallel, since we always use OPU in lfs mode, so f2fs_map_blocks() does block allocations aggressively.
In order to fix this issue, let's give a chance to trigger foreground gc in prior to block allocation in f2fs_map_blocks().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 36abef4e796d382e81a0c2d21ea5327481dd7154 < c737047f4665232d1e26b3620bc62df334545451 | affected |
| Linux | Linux | 36abef4e796d382e81a0c2d21ea5327481dd7154 < d2f280f43a2a9d918fd23169ff3a6f3b65c7cec5 | affected |
| Linux | Linux | 36abef4e796d382e81a0c2d21ea5327481dd7154 < f289690f50a01c3e085d87853392d5b7436a4cee | affected |
| Linux | Linux | 36abef4e796d382e81a0c2d21ea5327481dd7154 < 82765ce5c7a56f9309ee45328e763610eaf11253 | affected |
| Linux | Linux | 36abef4e796d382e81a0c2d21ea5327481dd7154 < 264ede8a52f18647ed5bb5f2bd9bf54f556ad8f5 | affected |
| Linux | Linux | 36abef4e796d382e81a0c2d21ea5327481dd7154 < 385e64a0744584397b4b52b27c96703516f39968 | affected |
| Linux | Linux | 36abef4e796d382e81a0c2d21ea5327481dd7154 < 1005a3ca28e90c7a64fa43023f866b960a60f791 | affected |
| Linux | Linux | 4.8 | affected |
| Linux | Linux | 0 < 4.8 | unaffected |
| Linux | Linux | 5.15.209 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.167 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.102 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.42 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.10 <= 6.15.* | unaffected |
| Linux | Linux | 6.16.1 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/c737047f4665232d1e26b3620bc62df334545451
- https://git.kernel.org/stable/c/d2f280f43a2a9d918fd23169ff3a6f3b65c7cec5
- https://git.kernel.org/stable/c/f289690f50a01c3e085d87853392d5b7436a4cee
- https://git.kernel.org/stable/c/82765ce5c7a56f9309ee45328e763610eaf11253
- https://git.kernel.org/stable/c/264ede8a52f18647ed5bb5f2bd9bf54f556ad8f5
- https://git.kernel.org/stable/c/385e64a0744584397b4b52b27c96703516f39968
- https://git.kernel.org/stable/c/1005a3ca28e90c7a64fa43023f866b960a60f791
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.