fkie_cve-2025-38626
Vulnerability from fkie_nvd
Published
2025-08-22 16:15
Modified
2025-08-22 18:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
w/ "mode=lfs" mount option, generic/299 will cause system panic as below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/segment.c:2835!
Call Trace:
<TASK>
f2fs_allocate_data_block+0x6f4/0xc50
f2fs_map_blocks+0x970/0x1550
f2fs_iomap_begin+0xb2/0x1e0
iomap_iter+0x1d6/0x430
__iomap_dio_rw+0x208/0x9a0
f2fs_file_write_iter+0x6b3/0xfa0
aio_write+0x15d/0x2e0
io_submit_one+0x55e/0xab0
__x64_sys_io_submit+0xa5/0x230
do_syscall_64+0x84/0x2f0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0010:new_curseg+0x70f/0x720
The root cause of we run out-of-space is: in f2fs_map_blocks(), f2fs may
trigger foreground gc only if it allocates any physical block, it will be
a little bit later when there is multiple threads writing data w/
aio/dio/bufio method in parallel, since we always use OPU in lfs mode, so
f2fs_map_blocks() does block allocations aggressively.
In order to fix this issue, let's give a chance to trigger foreground
gc in prior to block allocation in f2fs_map_blocks().
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode\n\nw/ \"mode=lfs\" mount option, generic/299 will cause system panic as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2835!\nCall Trace:\n \u003cTASK\u003e\n f2fs_allocate_data_block+0x6f4/0xc50\n f2fs_map_blocks+0x970/0x1550\n f2fs_iomap_begin+0xb2/0x1e0\n iomap_iter+0x1d6/0x430\n __iomap_dio_rw+0x208/0x9a0\n f2fs_file_write_iter+0x6b3/0xfa0\n aio_write+0x15d/0x2e0\n io_submit_one+0x55e/0xab0\n __x64_sys_io_submit+0xa5/0x230\n do_syscall_64+0x84/0x2f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0010:new_curseg+0x70f/0x720\n\nThe root cause of we run out-of-space is: in f2fs_map_blocks(), f2fs may\ntrigger foreground gc only if it allocates any physical block, it will be\na little bit later when there is multiple threads writing data w/\naio/dio/bufio method in parallel, since we always use OPU in lfs mode, so\nf2fs_map_blocks() does block allocations aggressively.\n\nIn order to fix this issue, let\u0027s give a chance to trigger foreground\ngc in prior to block allocation in f2fs_map_blocks()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para activar el gc de primer plano durante f2fs_map_blocks() en modo lfs con la opci\u00f3n de montaje \"mode=lfs\", generic/299 provocar\u00e1 p\u00e1nico en el sistema como se muestra a continuaci\u00f3n: ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/f2fs/segment.c:2835! Rastreo de llamadas: f2fs_allocate_data_block+0x6f4/0xc50 f2fs_map_blocks+0x970/0x1550 f2fs_iomap_begin+0xb2/0x1e0 iomap_iter+0x1d6/0x430 __iomap_dio_rw+0x208/0x9a0 f2fs_file_write_iter+0x6b3/0xfa0 aio_write+0x15d/0x2e0 io_submit_one+0x55e/0xab0 __x64_sys_io_submit+0xa5/0x230 do_syscall_64+0x84/0x2f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0010:new_curseg+0x70f/0x720 La causa principal de la falta de espacio es que, en f2fs_map_blocks(), f2fs puede activar el recolector de basura en primer plano solo si asigna alg\u00fan bloque f\u00edsico. Esto ocurrir\u00e1 un poco m\u00e1s tarde, cuando varios subprocesos escriban datos con el m\u00e9todo aio/dio/bufio en paralelo. Dado que siempre usamos OPU en modo lfs, f2fs_map_blocks() realiza asignaciones de bloques de forma agresiva. Para solucionar este problema, permitamos que el recolector de basura en primer plano se active antes de la asignaci\u00f3n de bloques en f2fs_map_blocks()."
}
],
"id": "CVE-2025-38626",
"lastModified": "2025-08-22T18:08:51.663",
"metrics": {},
"published": "2025-08-22T16:15:36.193",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/1005a3ca28e90c7a64fa43023f866b960a60f791"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/264ede8a52f18647ed5bb5f2bd9bf54f556ad8f5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/385e64a0744584397b4b52b27c96703516f39968"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/82765ce5c7a56f9309ee45328e763610eaf11253"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/f289690f50a01c3e085d87853392d5b7436a4cee"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…