CVE-2025-38164

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: zone: fix to avoid inconsistence in between SIT and SSA<br /> <br /> w/ below testcase, it will cause inconsistence in between SIT and SSA.<br /> <br /> create_null_blk 512 2 1024 1024<br /> mkfs.f2fs -m /dev/nullb0<br /> mount /dev/nullb0 /mnt/f2fs/<br /> touch /mnt/f2fs/file<br /> f2fs_io pinfile set /mnt/f2fs/file<br /> fallocate -l 4GiB /mnt/f2fs/file<br /> <br /> F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT<br /> CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #84<br /> Tainted: [O]=OOT_MODULE<br /> Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006<br /> Call Trace:<br /> <br /> dump_stack_lvl+0xb3/0xd0<br /> dump_stack+0x14/0x20<br /> f2fs_handle_critical_error+0x18c/0x220 [f2fs]<br /> f2fs_stop_checkpoint+0x38/0x50 [f2fs]<br /> do_garbage_collect+0x674/0x6e0 [f2fs]<br /> f2fs_gc_range+0x12b/0x230 [f2fs]<br /> f2fs_allocate_pinning_section+0x5c/0x150 [f2fs]<br /> f2fs_expand_inode_data+0x1cc/0x3c0 [f2fs]<br /> f2fs_fallocate+0x3c3/0x410 [f2fs]<br /> vfs_fallocate+0x15f/0x4b0<br /> __x64_sys_fallocate+0x4a/0x80<br /> x64_sys_call+0x15e8/0x1b80<br /> do_syscall_64+0x68/0x130<br /> entry_SYSCALL_64_after_hwframe+0x67/0x6f<br /> RIP: 0033:0x7f9dba5197ca<br /> F2FS-fs (nullb0): Stopped filesystem due to reason: 4<br /> <br /> The reason is f2fs_gc_range() may try to migrate block in curseg, however,<br /> its SSA block is not uptodate due to the last summary block data is still<br /> in cache of curseg.<br /> <br /> In this patch, we add a condition in f2fs_gc_range() to check whether<br /> section is opened or not, and skip block migration for opened section.