fkie_cve-2025-39792
Vulnerability from fkie_nvd
Published
2025-09-12 16:15
Modified
2025-09-15 15:21
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: dm: Always split write BIOs to zoned device limits Any zoned DM target that requires zone append emulation will use the block layer zone write plugging. In such case, DM target drivers must not split BIOs using dm_accept_partial_bio() as doing so can potentially lead to deadlocks with queue freeze operations. Regular write operations used to emulate zone append operations also cannot be split by the target driver as that would result in an invalid writen sector value return using the BIO sector. In order for zoned DM target drivers to avoid such incorrect BIO splitting, we must ensure that large BIOs are split before being passed to the map() function of the target, thus guaranteeing that the limits for the mapped device are not exceeded. dm-crypt and dm-flakey are the only target drivers supporting zoned devices and using dm_accept_partial_bio(). In the case of dm-crypt, this function is used to split BIOs to the internal max_write_size limit (which will be suppressed in a different patch). However, since crypt_alloc_buffer() uses a bioset allowing only up to BIO_MAX_VECS (256) vectors in a BIO. The dm-crypt device max_segments limit, which is not set and so default to BLK_MAX_SEGMENTS (128), must thus be respected and write BIOs split accordingly. In the case of dm-flakey, since zone append emulation is not required, the block layer zone write plugging is not used and no splitting of BIOs required. Modify the function dm_zone_bio_needs_split() to use the block layer helper function bio_needs_zone_write_plugging() to force a call to bio_split_to_limits() in dm_split_and_process_bio(). This allows DM target drivers to avoid using dm_accept_partial_bio() for write operations on zoned DM devices.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2df7168717b7d2d32bcf017c68be16e4aae9dd13
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4e9fef1cf0243d665d75c371cc80be6156cd30a2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d10bf66d9f9335ffc7521b3029b114f50604cabe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f5dd256333c08ab44b5aec4a8118cb04c0f20c54
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: Always split write BIOs to zoned device limits\n\nAny zoned DM target that requires zone append emulation will use the\nblock layer zone write plugging. In such case, DM target drivers must\nnot split BIOs using dm_accept_partial_bio() as doing so can potentially\nlead to deadlocks with queue freeze operations. Regular write operations\nused to emulate zone append operations also cannot be split by the\ntarget driver as that would result in an invalid writen sector value\nreturn using the BIO sector.\n\nIn order for zoned DM target drivers to avoid such incorrect BIO\nsplitting, we must ensure that large BIOs are split before being passed\nto the map() function of the target, thus guaranteeing that the\nlimits for the mapped device are not exceeded.\n\ndm-crypt and dm-flakey are the only target drivers supporting zoned\ndevices and using dm_accept_partial_bio().\n\nIn the case of dm-crypt, this function is used to split BIOs to the\ninternal max_write_size limit (which will be suppressed in a different\npatch). However, since crypt_alloc_buffer() uses a bioset allowing only\nup to BIO_MAX_VECS (256) vectors in a BIO. The dm-crypt device\nmax_segments limit, which is not set and so default to BLK_MAX_SEGMENTS\n(128), must thus be respected and write BIOs split accordingly.\n\nIn the case of dm-flakey, since zone append emulation is not required,\nthe block layer zone write plugging is not used and no splitting of BIOs\nrequired.\n\nModify the function dm_zone_bio_needs_split() to use the block layer\nhelper function bio_needs_zone_write_plugging() to force a call to\nbio_split_to_limits() in dm_split_and_process_bio(). This allows DM\ntarget drivers to avoid using dm_accept_partial_bio() for write\noperations on zoned DM devices."
    }
  ],
  "id": "CVE-2025-39792",
  "lastModified": "2025-09-15T15:21:42.937",
  "metrics": {},
  "published": "2025-09-12T16:15:33.450",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2df7168717b7d2d32bcf017c68be16e4aae9dd13"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4e9fef1cf0243d665d75c371cc80be6156cd30a2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d10bf66d9f9335ffc7521b3029b114f50604cabe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f5dd256333c08ab44b5aec4a8118cb04c0f20c54"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.