{"id":"CVE-2025-23132","summary":"f2fs: quota: fix to avoid warning in dquot_writeback_dquots()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: quota: fix to avoid warning in dquot_writeback_dquots()\n\nF2FS-fs (dm-59): checkpoint=enable has some unwritten data.\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308\npc : dquot_writeback_dquots+0x2fc/0x308\nlr : f2fs_quota_sync+0xcc/0x1c4\nCall trace:\ndquot_writeback_dquots+0x2fc/0x308\nf2fs_quota_sync+0xcc/0x1c4\nf2fs_write_checkpoint+0x3d4/0x9b0\nf2fs_issue_checkpoint+0x1bc/0x2c0\nf2fs_sync_fs+0x54/0x150\nf2fs_do_sync_file+0x2f8/0x814\n__f2fs_ioctl+0x1960/0x3244\nf2fs_ioctl+0x54/0xe0\n__arm64_sys_ioctl+0xa8/0xe4\ninvoke_syscall+0x58/0x114\n\ncheckpoint and f2fs_remount may race as below, resulting triggering warning\nin dquot_writeback_dquots().\n\natomic write                                    remount\n                                                - do_remount\n                                                 - down_write(&sb-\u003es_umount);\n                                                  - f2fs_remount\n- ioctl\n - f2fs_do_sync_file\n  - f2fs_sync_fs\n   - f2fs_write_checkpoint\n    - block_operations\n     - locked = down_read_trylock(&sbi-\u003esb-\u003es_umount)\n       : fail to lock due to the write lock was held by remount\n                                                 - up_write(&sb-\u003es_umount);\n     - f2fs_quota_sync\n      - dquot_writeback_dquots\n       - WARN_ON_ONCE(!rwsem_is_locked(&sb-\u003es_umount))\n       : trigger warning because s_umount lock was unlocked by remount\n\nIf checkpoint comes from mount/umount/remount/freeze/quotactl, caller of\ncheckpoint has already held s_umount lock, calling dquot_writeback_dquots()\nin the context should be safe.\n\nSo let's record task to sbi-\u003eumount_lock_holder, so that checkpoint can\nknow whether the lock has held in the context or not by checking current\nw/ it.\n\nIn addition, in order to not misrepresent caller of checkpoint, we should\nnot allow to trigger async checkpoint for those callers: mount/umount/remount/\nfreeze/quotactl.","modified":"2026-04-02T12:45:23.050940Z","published":"2025-04-16T14:13:13.697Z","related":["CGA-jwx4-fmm7-vm45"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23132.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/d7acf0a6c87aa282c86a36dbaa2f92fda88c5884"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eb85c2410d6f581e957cd03a644ff6ddbe592af9"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23132.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23132"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"af033b2aa8a874fd5737fafe90d159136527b5b4"},{"fixed":"d7acf0a6c87aa282c86a36dbaa2f92fda88c5884"},{"fixed":"eb85c2410d6f581e957cd03a644ff6ddbe592af9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23132.json"}}],"schema_version":"1.7.5"}