CVE-2025-68356
Description
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Prevent recursive memory reclaim
Function new_inode() returns a new inode with inode->i_mapping->gfp_mask set to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so allocations in that address space can recurse into filesystem memory reclaim. We don't want that to happen because it can consume a significant amount of stack memory.
Worse than that is that it can also deadlock: for example, in several places, gfs2_unstuff_dinode() is called inside filesystem transactions. This calls filemap_grab_folio(), which can allocate a new folio, which can trigger memory reclaim. If memory reclaim recurses into the filesystem and starts another transaction, a deadlock will ensue.
To fix these kinds of problems, prevent memory reclaim from recursing into filesystem code by making sure that the gfp_mask of inode address spaces doesn't include __GFP_FS.
The "meta" and resource group address spaces were already using GFP_NOFS as their gfp_mask (which doesn't include __GFP_FS). The default value of GFP_HIGHUSER_MOVABLE is less restrictive than GFP_NOFS, though. To avoid being overly limiting, use the default value and only knock off the __GFP_FS flag. I'm not sure if this will actually make a difference, but it also shouldn't hurt.
This patch is loosely based on commit ad22c7a043c2 ("xfs: prevent stack overflows from page cache allocation").
Fixes xfstest generic/273.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A recursive memory reclaim vulnerability in GFS2 can cause stack can cause deadlocks when new_inode() sets GFP_HIGHUSER_MOVABLE with __GFP_FS, allowing reclaim to re-enter filesystem transactions.
Vulnerability
Overview
The vulnerability resides in the GFS2 filesystem within the Linux kernel. The function new_inode() returns a new inode with its address space's gfp_mask set to GFP_HIGHUSER_MOVABLE, which includes the includes the __GFP_FS flag. This flag permits memory reclaim to recurse into filesystem code, which can lead to excessive stack consumption and, more critically, deadlocks [1].
Exploitation
Mechanism
An attacker can trigger the issue by causing memory pressure that leads to memory reclaim. For example, gfs2_unstuff_dinode() is called inside filesystem transactions and invokes filemap_grab_folio(), which may allocate a new folio. If memory reclaim recurses into the filesystem and starts another transaction, a deadlock occurs [1]. The attack surface is local, requiring access to trigger filesystem operations on a GFS2 filesystem.
Impact
Successful exploitation results in a kernel deadlock, causing a denial of service (DoS) condition. The system becomes unresponsive, or at least the filesystem, becomes unresponsive. The vulnerability is rated with a CVSS score of 5.5 (Medium), indicating a moderate severity due to the need for local access and the potential for system unavailability.
Mitigation
The fix removes the __GFP_FS flag from the inode address space's gfp_mask, preventing memory reclaim from recursing into filesystem code. The patch is loosely based on commit ad22c7a043c2 ("xfs: prevent stack overflows from page cache allocation") and resolves xfstest generic/273 [1]. Users should apply the stable kernel update containing commit 49e7347f4644d031306d56cb4d51e467cbdcbc69.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.