CVE-2025-37859

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> page_pool: avoid infinite loop to schedule delayed worker<br /> <br /> We noticed the kworker in page_pool_release_retry() was waken<br /> up repeatedly and infinitely in production because of the<br /> buggy driver causing the inflight less than 0 and warning<br /> us in page_pool_inflight()[1].<br /> <br /> Since the inflight value goes negative, it means we should<br /> not expect the whole page_pool to get back to work normally.<br /> <br /> This patch mitigates the adverse effect by not rescheduling<br /> the kworker when detecting the inflight negative in<br /> page_pool_release_retry().<br /> <br /> [1]<br /> [Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------<br /> [Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages<br /> ...<br /> [Mon Feb 10 20:36:11 2025] Call Trace:<br /> [Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70<br /> [Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370<br /> [Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0<br /> [Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140<br /> [Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370<br /> [Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40<br /> [Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40<br /> [Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---<br /> Note: before this patch, the above calltrace would flood the<br /> dmesg due to repeated reschedule of release_dw kworker.