{ "public_date" : "2025-04-16T00:00:00Z", "bugzilla" : { "description" : "kernel: f2fs: fix potential deadloop in prepare_compress_overwrite()", "id" : "2360296", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2360296" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nf2fs: fix potential deadloop in prepare_compress_overwrite()\nJan Prusakowski reported a kernel hang issue as below:\nWhen running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I\nencountered a problem in generic/475 test where fsstress process\ngets blocked in __f2fs_write_data_pages() and the test hangs.\nThe options I used are:\nMKFS_OPTIONS -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc\nMOUNT_OPTIONS -- -o acl,user_xattr -o discard,compress_extension=* /dev/vdc /vdc\nINFO: task kworker/u8:0:11 blocked for more than 122 seconds.\nNot tainted 6.14.0-rc3-xfstests-lockdep #1\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/u8:0 state:D stack:0 pid:11 tgid:11 ppid:2 task_flags:0x4208160 flags:0x00004000\nWorkqueue: writeback wb_workfn (flush-253:0)\nCall Trace:\n\n__schedule+0x309/0x8e0\nschedule+0x3a/0x100\nschedule_preempt_disabled+0x15/0x30\n__mutex_lock+0x59a/0xdb0\n__f2fs_write_data_pages+0x3ac/0x400\ndo_writepages+0xe8/0x290\n__writeback_single_inode+0x5c/0x360\nwriteback_sb_inodes+0x22f/0x570\nwb_writeback+0xb0/0x410\nwb_do_writeback+0x47/0x2f0\nwb_workfn+0x5a/0x1c0\nprocess_one_work+0x223/0x5b0\nworker_thread+0x1d5/0x3c0\nkthread+0xfd/0x230\nret_from_fork+0x31/0x50\nret_from_fork_asm+0x1a/0x30\n\nThe root cause is: once generic/475 starts toload error table to dm\ndevice, f2fs_prepare_compress_overwrite() will loop reading compressed\ncluster pages due to IO error, meanwhile it has held .writepages lock,\nit can block all other writeback tasks.\nLet's fix this issue w/ below changes:\n- add f2fs_handle_page_eio() in prepare_compress_overwrite() to\ndetect IO error.\n- detect cp_error earler in f2fs_read_multi_pages()." ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-22127\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22127\nhttps://lore.kernel.org/linux-cve-announce/2025041630-CVE-2025-22127-81a6@gregkh/T" ], "name" : "CVE-2025-22127", "csaw" : false }