2460673 – (CVE-2026-31455) CVE-2026-31455 kernel: xfs: stop reclaim before pushing AIL during unmount

Bug 2460673 (CVE-2026-31455) - CVE-2026-31455 kernel: xfs: stop reclaim before pushing AIL during unmount

Summary: CVE-2026-31455 kernel: xfs: stop reclaim before pushing AIL during unmount

Keywords:
Status:	NEW
Alias:	CVE-2026-31455
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-22 15:04 UTC by OSIDB Bzimport
Modified:	2026-04-22 17:39 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-22 15:04:37 UTC

In the Linux kernel, the following vulnerability has been resolved:

xfs: stop reclaim before pushing AIL during unmount

The unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while
background reclaim and inodegc are still running. This is broken
independently of any use-after-free issues - background reclaim and
inodegc should not be running while the AIL is being pushed during
unmount, as inodegc can dirty and insert inodes into the AIL during the
flush, and background reclaim can race to abort and free dirty inodes.

Reorder xfs_unmount_flush_inodes() to stop inodegc and cancel background
reclaim before pushing the AIL. Stop inodegc before cancelling
m_reclaim_work because the inodegc worker can re-queue m_reclaim_work
via xfs_inodegc_set_reclaimable.

Comment 1 Keith Grant 2026-04-22 17:38:14 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026042249-CVE-2026-31455-1c26@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.