CVE-2025-23132

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-23132
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23132.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-23132
Downstream
Published
2025-04-16T15:16:07Z
Modified
2025-08-30T18:00:21Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: quota: fix to avoid warning in dquotwritebackdquots()

F2FS-fs (dm-59): checkpoint=enable has some unwritten data.

------------[ cut here ]------------ WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquotwritebackdquots+0x2fc/0x308 pc : dquotwritebackdquots+0x2fc/0x308 lr : f2fsquotasync+0xcc/0x1c4 Call trace: dquotwritebackdquots+0x2fc/0x308 f2fsquotasync+0xcc/0x1c4 f2fswritecheckpoint+0x3d4/0x9b0 f2fsissuecheckpoint+0x1bc/0x2c0 f2fssyncfs+0x54/0x150 f2fsdosyncfile+0x2f8/0x814 _f2fsioctl+0x1960/0x3244 f2fsioctl+0x54/0xe0 _arm64sysioctl+0xa8/0xe4 invokesyscall+0x58/0x114

checkpoint and f2fsremount may race as below, resulting triggering warning in dquotwriteback_dquots().

atomic write remount - doremount - downwrite(&sb->sumount); - f2fsremount - ioctl - f2fsdosyncfile - f2fssyncfs - f2fswritecheckpoint - blockoperations - locked = downreadtrylock(&sbi->sb->sumount) : fail to lock due to the write lock was held by remount - upwrite(&sb->sumount); - f2fsquotasync - dquotwritebackdquots - WARNONONCE(!rwsemislocked(&sb->sumount)) : trigger warning because s_umount lock was unlocked by remount

If checkpoint comes from mount/umount/remount/freeze/quotactl, caller of checkpoint has already held sumount lock, calling dquotwriteback_dquots() in the context should be safe.

So let's record task to sbi->umountlockholder, so that checkpoint can know whether the lock has held in the context or not by checking current w/ it.

In addition, in order to not misrepresent caller of checkpoint, we should not allow to trigger async checkpoint for those callers: mount/umount/remount/ freeze/quotactl.

References

Affected packages