CVE-2025-39782

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2025
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

jbd2: prevent softlockup in jbd2_log_do_checkpoint()

Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a batch of buffers to avoid long hold times on the j_list_lock. However, since both functions contend for j_list_lock, the combined time spent waiting and processing can be significant.

jbd2_journal_shrink_checkpoint_list() explicitly calls cond_resched() when need_resched() is true to avoid softlockups during prolonged operations. But jbd2_log_do_checkpoint() only exits its loop when need_resched() is true, relying on potentially sleeping functions like __flush_batch() or wait_on_buffer() to trigger rescheduling. If those functions do not sleep, the kernel may hit a softlockup.

watchdog: BUG: soft lockup - CPU#3 stuck for 156s! [kworker/u129:2:373]
CPU: 3 PID: 373 Comm: kworker/u129:2 Kdump: loaded Not tainted 6.6.0+ #10
Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.27 06/13/2017
Workqueue: writeback wb_workfn (flush-7:2)
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : native_queued_spin_lock_slowpath+0x358/0x418
lr : jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]
Call trace:
 native_queued_spin_lock_slowpath+0x358/0x418
 jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]
 __jbd2_log_wait_for_space+0xfc/0x2f8 [jbd2]
 add_transaction_credits+0x3bc/0x418 [jbd2]
 start_this_handle+0xf8/0x560 [jbd2]
 jbd2__journal_start+0x118/0x228 [jbd2]
 __ext4_journal_start_sb+0x110/0x188 [ext4]
 ext4_do_writepages+0x3dc/0x740 [ext4]
 ext4_writepages+0xa4/0x190 [ext4]
 do_writepages+0x94/0x228
 __writeback_single_inode+0x48/0x318
 writeback_sb_inodes+0x204/0x590
 __writeback_inodes_wb+0x54/0xf8
 wb_writeback+0x2cc/0x3d8
 wb_do_writeback+0x2e0/0x2f8
 wb_workfn+0x80/0x2a8
 process_one_work+0x178/0x3e8
 worker_thread+0x234/0x3b8
 kthread+0xf0/0x108
 ret_from_fork+0x10/0x20

So explicitly call cond_resched() in jbd2_log_do_checkpoint() to avoid softlockup.
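
A log-triage check for the signature quoted in the description, added here as an example (it is not part of the advisory or of the kernel patch): it scans kernel log text for soft-lockup reports whose trace contains jbd2_log_do_checkpoint. The function name and the sample log are constructed for illustration; the first sample report reuses lines from the trace above.

```python
import re

# Header printed by the soft-lockup watchdog, in the form quoted in the advisory.
HEADER = re.compile(
    r"watchdog: BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s! "
    r"\[(?P<task>[^\]]+):(?P<pid>\d+)\]"
)
# A stack frame such as "jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]".
FRAME = re.compile(r"(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TARGET = "jbd2_log_do_checkpoint"

# Constructed sample: report 1 reuses lines from the advisory's trace,
# report 2 is an invented unrelated lockup that must not be flagged.
SAMPLE_LOG = """\
watchdog: BUG: soft lockup - CPU#3 stuck for 156s! [kworker/u129:2:373]
pc : native_queued_spin_lock_slowpath+0x358/0x418
lr : jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]
Call trace:
 native_queued_spin_lock_slowpath+0x358/0x418
 jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]
 __jbd2_log_wait_for_space+0xfc/0x2f8 [jbd2]
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [example_task:4242]
Call trace:
 example_busy_loop+0x10/0x40 [example_mod]
"""


def find_jbd2_checkpoint_lockups(log_text):
    """Return one dict per soft-lockup report whose trace contains TARGET."""
    reports, current = [], None
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            # A new watchdog header starts a new report.
            current = {
                "cpu": int(header["cpu"]),
                "stuck_seconds": int(header["secs"]),
                "task": header["task"],
                "pid": int(header["pid"]),
                "frames": [],
            }
            reports.append(current)
        elif current is not None:
            # Collect every symbol+offset frame (pc/lr lines and call trace).
            current["frames"] += [m["sym"] for m in FRAME.finditer(line)]
    return [r for r in reports if TARGET in r["frames"]]


if __name__ == "__main__":
    for hit in find_jbd2_checkpoint_lockups(SAMPLE_LOG):
        print(hit["cpu"], hit["stuck_seconds"], hit["task"], hit["pid"])
```
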

Impact