Home

Description

In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1]. Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally. This patch mitigates the adverse effect by not rescheduling the kworker when detecting the inflight negative in page_pool_release_retry(). [1] [Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------ [Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages ... [Mon Feb 10 20:36:11 2025] Call Trace: [Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70 [Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370 [Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0 [Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140 [Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370 [Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40 [Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40 [Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]--- Note: before this patch, the above calltrace would flood the dmesg due to repeated reschedule of release_dw kworker.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-09 | Updated 2026-05-23 | Assigner Linux

Product status

Default status
unaffected

05f646cb2174d1a4e032b60b99097f5c4b522616 (git) before c3c7c57017ce1d4b2d3788c1fc59e7e39026e158
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before 9f71db4fb82deb889e0bac4a51b34daea7d506a3
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before 91522aba56e9fcdf64da25ffef9b27f8fad48e0f
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before 90e089a64504982f8d62f223027cb9f903781f78
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before 95f17738b86fd198924d874a5639bcdc49c7e5b8
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before 7204335d1991c23fc615ab76f31f175748a578e1
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before e74e5aa33228c5e2cb4fc80ad103541a7b7805ec
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before 738d1812ec2e395e953258aea912ddd867d11a13
affected

c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 (git) before 43130d02baa137033c25297aaae95fd0edc41654
affected

bf22306d92ca59c59dc4aa3bab14768948193d56 (git)
affected

5.4.5 (semver) before 5.4.293
affected

5.3.18 (semver) before 5.4
affected

Default status
affected

5.5
affected

Any version before 5.5
unaffected

5.4.293 (semver)
unaffected

5.10.237 (semver)
unaffected

5.15.181 (semver)
unaffected

6.1.135 (semver)
unaffected

6.6.88 (semver)
unaffected

6.12.24 (semver)
unaffected

6.13.12 (semver)
unaffected

6.14.3 (semver)
unaffected

6.15 (original_commit_for_fix)
unaffected

References

lists.debian.org/debian-lts-announce/2025/05/msg00045.html

lists.debian.org/debian-lts-announce/2025/05/msg00030.html

git.kernel.org/...c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158

git.kernel.org/...c/9f71db4fb82deb889e0bac4a51b34daea7d506a3

git.kernel.org/...c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f

git.kernel.org/...c/90e089a64504982f8d62f223027cb9f903781f78

git.kernel.org/...c/95f17738b86fd198924d874a5639bcdc49c7e5b8

git.kernel.org/...c/7204335d1991c23fc615ab76f31f175748a578e1

git.kernel.org/...c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec

git.kernel.org/...c/738d1812ec2e395e953258aea912ddd867d11a13

git.kernel.org/...c/43130d02baa137033c25297aaae95fd0edc41654

cve.org (CVE-2025-37859)

nvd.nist.gov (CVE-2025-37859)

Download JSON