CVE-2025-39910

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()<br /> <br /> kasan_populate_vmalloc() and its helpers ignore the caller&amp;#39;s gfp_mask and<br /> always allocate memory using the hardcoded GFP_KERNEL flag. This makes<br /> them inconsistent with vmalloc(), which was recently extended to support<br /> GFP_NOFS and GFP_NOIO allocations.<br /> <br /> Page table allocations performed during shadow population also ignore the<br /> external gfp_mask. To preserve the intended semantics of GFP_NOFS and<br /> GFP_NOIO, wrap the apply_to_page_range() calls into the appropriate<br /> memalloc scope.<br /> <br /> xfs calls vmalloc with GFP_NOFS, so this bug could lead to deadlock.<br /> <br /> There was a report here<br /> https://lkml.kernel.org/r/686ea951.050a0220.385921.0016.GAE@google.com<br /> <br /> This patch:<br /> - Extends kasan_populate_vmalloc() and helpers to take gfp_mask;<br /> - Passes gfp_mask down to alloc_pages_bulk() and __get_free_page();<br /> - Enforces GFP_NOFS/NOIO semantics with memalloc_*_save()/restore()<br /> around apply_to_page_range();<br /> - Updates vmalloc.c and percpu allocator call sites accordingly.