CVE-2025-68356 (GCVE-0-2025-68356)

Vulnerability from cvelistv5 – Published: 2025-12-24 10:32 – Updated: 2025-12-24 10:32
VLAI?
Title
gfs2: Prevent recursive memory reclaim
Summary
In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim Function new_inode() returns a new inode with inode->i_mapping->gfp_mask set to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so allocations in that address space can recurse into filesystem memory reclaim. We don't want that to happen because it can consume a significant amount of stack memory. Worse than that is that it can also deadlock: for example, in several places, gfs2_unstuff_dinode() is called inside filesystem transactions. This calls filemap_grab_folio(), which can allocate a new folio, which can trigger memory reclaim. If memory reclaim recurses into the filesystem and starts another transaction, a deadlock will ensue. To fix these kinds of problems, prevent memory reclaim from recursing into filesystem code by making sure that the gfp_mask of inode address spaces doesn't include __GFP_FS. The "meta" and resource group address spaces were already using GFP_NOFS as their gfp_mask (which doesn't include __GFP_FS). The default value of GFP_HIGHUSER_MOVABLE is less restrictive than GFP_NOFS, though. To avoid being overly limiting, use the default value and only knock off the __GFP_FS flag. I'm not sure if this will actually make a difference, but it also shouldn't hurt. This patch is loosely based on commit ad22c7a043c2 ("xfs: prevent stack overflows from page cache allocation"). Fixes xfstest generic/273.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: dc0b9435238c1a68150c798c9c7a1b5d7414cbb9 , < edb2b255618621dc83d0ec23150e16b2c697077f (git)
Affected: dc0b9435238c1a68150c798c9c7a1b5d7414cbb9 , < 9c0960ed112398bdb6c60ccf6e6b583bc59acede (git)
Affected: dc0b9435238c1a68150c798c9c7a1b5d7414cbb9 , < 49e7347f4644d031306d56cb4d51e467cbdcbc69 (git)
Affected: dc0b9435238c1a68150c798c9c7a1b5d7414cbb9 , < 2c5f4a53476e3cab70adc77b38942c066bd2c17c (git)
Create a notification for this product.
    Linux Linux Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.12.63 , ≤ 6.12.* (semver)
Unaffected: 6.17.13 , ≤ 6.17.* (semver)
Unaffected: 6.18.2 , ≤ 6.18.* (semver)
Unaffected: 6.19-rc1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/glock.c",
            "fs/gfs2/inode.c",
            "fs/gfs2/inode.h",
            "fs/gfs2/ops_fstype.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "edb2b255618621dc83d0ec23150e16b2c697077f",
              "status": "affected",
              "version": "dc0b9435238c1a68150c798c9c7a1b5d7414cbb9",
              "versionType": "git"
            },
            {
              "lessThan": "9c0960ed112398bdb6c60ccf6e6b583bc59acede",
              "status": "affected",
              "version": "dc0b9435238c1a68150c798c9c7a1b5d7414cbb9",
              "versionType": "git"
            },
            {
              "lessThan": "49e7347f4644d031306d56cb4d51e467cbdcbc69",
              "status": "affected",
              "version": "dc0b9435238c1a68150c798c9c7a1b5d7414cbb9",
              "versionType": "git"
            },
            {
              "lessThan": "2c5f4a53476e3cab70adc77b38942c066bd2c17c",
              "status": "affected",
              "version": "dc0b9435238c1a68150c798c9c7a1b5d7414cbb9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/glock.c",
            "fs/gfs2/inode.c",
            "fs/gfs2/inode.h",
            "fs/gfs2/ops_fstype.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.63",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.13",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.2",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19-rc1",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Prevent recursive memory reclaim\n\nFunction new_inode() returns a new inode with inode-\u003ei_mapping-\u003egfp_mask\nset to GFP_HIGHUSER_MOVABLE.  This value includes the __GFP_FS flag, so\nallocations in that address space can recurse into filesystem memory\nreclaim.  We don\u0027t want that to happen because it can consume a\nsignificant amount of stack memory.\n\nWorse than that is that it can also deadlock: for example, in several\nplaces, gfs2_unstuff_dinode() is called inside filesystem transactions.\nThis calls filemap_grab_folio(), which can allocate a new folio, which\ncan trigger memory reclaim.  If memory reclaim recurses into the\nfilesystem and starts another transaction, a deadlock will ensue.\n\nTo fix these kinds of problems, prevent memory reclaim from recursing\ninto filesystem code by making sure that the gfp_mask of inode address\nspaces doesn\u0027t include __GFP_FS.\n\nThe \"meta\" and resource group address spaces were already using GFP_NOFS\nas their gfp_mask (which doesn\u0027t include __GFP_FS).  The default value\nof GFP_HIGHUSER_MOVABLE is less restrictive than GFP_NOFS, though.  To\navoid being overly limiting, use the default value and only knock off\nthe __GFP_FS flag.  I\u0027m not sure if this will actually make a\ndifference, but it also shouldn\u0027t hurt.\n\nThis patch is loosely based on commit ad22c7a043c2 (\"xfs: prevent stack\noverflows from page cache allocation\").\n\nFixes xfstest generic/273."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:32:46.275Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/edb2b255618621dc83d0ec23150e16b2c697077f"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c0960ed112398bdb6c60ccf6e6b583bc59acede"
        },
        {
          "url": "https://git.kernel.org/stable/c/49e7347f4644d031306d56cb4d51e467cbdcbc69"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c5f4a53476e3cab70adc77b38942c066bd2c17c"
        }
      ],
      "title": "gfs2: Prevent recursive memory reclaim",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68356",
    "datePublished": "2025-12-24T10:32:46.275Z",
    "dateReserved": "2025-12-16T14:48:05.301Z",
    "dateUpdated": "2025-12-24T10:32:46.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68356\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T11:15:58.967\",\"lastModified\":\"2025-12-24T11:15:58.967\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ngfs2: Prevent recursive memory reclaim\\n\\nFunction new_inode() returns a new inode with inode-\u003ei_mapping-\u003egfp_mask\\nset to GFP_HIGHUSER_MOVABLE.  This value includes the __GFP_FS flag, so\\nallocations in that address space can recurse into filesystem memory\\nreclaim.  We don\u0027t want that to happen because it can consume a\\nsignificant amount of stack memory.\\n\\nWorse than that is that it can also deadlock: for example, in several\\nplaces, gfs2_unstuff_dinode() is called inside filesystem transactions.\\nThis calls filemap_grab_folio(), which can allocate a new folio, which\\ncan trigger memory reclaim.  If memory reclaim recurses into the\\nfilesystem and starts another transaction, a deadlock will ensue.\\n\\nTo fix these kinds of problems, prevent memory reclaim from recursing\\ninto filesystem code by making sure that the gfp_mask of inode address\\nspaces doesn\u0027t include __GFP_FS.\\n\\nThe \\\"meta\\\" and resource group address spaces were already using GFP_NOFS\\nas their gfp_mask (which doesn\u0027t include __GFP_FS).  The default value\\nof GFP_HIGHUSER_MOVABLE is less restrictive than GFP_NOFS, though.  To\\navoid being overly limiting, use the default value and only knock off\\nthe __GFP_FS flag.  I\u0027m not sure if this will actually make a\\ndifference, but it also shouldn\u0027t hurt.\\n\\nThis patch is loosely based on commit ad22c7a043c2 (\\\"xfs: prevent stack\\noverflows from page cache allocation\\\").\\n\\nFixes xfstest generic/273.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2c5f4a53476e3cab70adc77b38942c066bd2c17c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/49e7347f4644d031306d56cb4d51e467cbdcbc69\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9c0960ed112398bdb6c60ccf6e6b583bc59acede\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/edb2b255618621dc83d0ec23150e16b2c697077f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.