cve-2024-35794
Vulnerability from cvelistv5
Published
2024-05-17 12:25
Modified
2024-11-05 09:22
Severity ?
Summary
dm-raid: really frozen sync_thread during suspend
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35794",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:13:16.470118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:11.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-raid.c",
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "af916cb66a80",
              "status": "affected",
              "version": "9dbd1aa3a81c",
              "versionType": "git"
            },
            {
              "lessThan": "eaa8fc9b0928",
              "status": "affected",
              "version": "9dbd1aa3a81c",
              "versionType": "git"
            },
            {
              "lessThan": "16c4770c75b1",
              "status": "affected",
              "version": "9dbd1aa3a81c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-raid.c",
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: really frozen sync_thread during suspend\n\n1) commit f52f5c71f3d4 (\"md: fix stopping sync thread\") remove\n   MD_RECOVERY_FROZEN from __md_stop_writes() and doesn\u0027t realize that\n   dm-raid relies on __md_stop_writes() to frozen sync_thread\n   indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in\n   md_stop_writes(), and since stop_sync_thread() is only used for\n   dm-raid in this case, also move stop_sync_thread() to\n   md_stop_writes().\n2) The flag MD_RECOVERY_FROZEN doesn\u0027t mean that sync thread is frozen,\n   it only prevent new sync_thread to start, and it can\u0027t stop the\n   running sync thread; In order to frozen sync_thread, after seting the\n   flag, stop_sync_thread() should be used.\n3) The flag MD_RECOVERY_FROZEN doesn\u0027t mean that writes are stopped, use\n   it as condition for md_stop_writes() in raid_postsuspend() doesn\u0027t\n   look correct. Consider that reentrant stop_sync_thread() do nothing,\n   always call md_stop_writes() in raid_postsuspend().\n4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime,\n   and if MD_RECOVERY_FROZEN is cleared while the array is suspended,\n   new sync_thread can start unexpected. Fix this by disallow\n   raid_message() to change sync_thread status during suspend.\n\nNote that after commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), the\ntest shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(),\nand with previous fixes, the test won\u0027t hang there anymore, however, the\ntest will still fail and complain that ext4 is corrupted. And with this\npatch, the test won\u0027t hang due to stop_sync_thread() or fail due to ext4\nis corrupted anymore. However, there is still a deadlock related to\ndm-raid456 that will be fixed in following patches."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:22:29.218Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73"
        }
      ],
      "title": "dm-raid: really frozen sync_thread during suspend",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35794",
    "datePublished": "2024-05-17T12:25:00.111Z",
    "dateReserved": "2024-05-17T12:19:12.339Z",
    "dateUpdated": "2024-11-05T09:22:29.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35794\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-17T13:15:59.097\",\"lastModified\":\"2024-05-17T18:35:35.070\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndm-raid: really frozen sync_thread during suspend\\n\\n1) commit f52f5c71f3d4 (\\\"md: fix stopping sync thread\\\") remove\\n   MD_RECOVERY_FROZEN from __md_stop_writes() and doesn\u0027t realize that\\n   dm-raid relies on __md_stop_writes() to frozen sync_thread\\n   indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in\\n   md_stop_writes(), and since stop_sync_thread() is only used for\\n   dm-raid in this case, also move stop_sync_thread() to\\n   md_stop_writes().\\n2) The flag MD_RECOVERY_FROZEN doesn\u0027t mean that sync thread is frozen,\\n   it only prevent new sync_thread to start, and it can\u0027t stop the\\n   running sync thread; In order to frozen sync_thread, after seting the\\n   flag, stop_sync_thread() should be used.\\n3) The flag MD_RECOVERY_FROZEN doesn\u0027t mean that writes are stopped, use\\n   it as condition for md_stop_writes() in raid_postsuspend() doesn\u0027t\\n   look correct. Consider that reentrant stop_sync_thread() do nothing,\\n   always call md_stop_writes() in raid_postsuspend().\\n4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime,\\n   and if MD_RECOVERY_FROZEN is cleared while the array is suspended,\\n   new sync_thread can start unexpected. Fix this by disallow\\n   raid_message() to change sync_thread status during suspend.\\n\\nNote that after commit f52f5c71f3d4 (\\\"md: fix stopping sync thread\\\"), the\\ntest shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(),\\nand with previous fixes, the test won\u0027t hang there anymore, however, the\\ntest will still fail and complain that ext4 is corrupted. And with this\\npatch, the test won\u0027t hang due to stop_sync_thread() or fail due to ext4\\nis corrupted anymore. However, there is still a deadlock related to\\ndm-raid456 that will be fixed in following patches.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm-raid: sync_thread realmente congelado durante la suspensi\u00f3n 1) commit f52f5c71f3d4 (\\\"md: fix deteniendo el hilo de sincronizaci\u00f3n\\\") elimina MD_RECOVERY_FROZEN de __md_stop_writes() y no se da cuenta de que dm-raid se basa en __md_stop_writes() para congelar sync_thread indirectamente. Solucione este problema agregando MD_RECOVERY_FROZEN en md_stop_writes(), y dado que stop_sync_thread() solo se usa para dm-raid en este caso, mueva tambi\u00e9n stop_sync_thread() a md_stop_writes(). 2) La bandera MD_RECOVERY_FROZEN no significa que el subproceso de sincronizaci\u00f3n est\u00e9 congelado, solo impide que se inicie un nuevo subproceso de sincronizaci\u00f3n y no puede detener el subproceso de sincronizaci\u00f3n en ejecuci\u00f3n; Para congelar sync_thread, despu\u00e9s de configurar la bandera, se debe usar stop_sync_thread(). 3) La bandera MD_RECOVERY_FROZEN no significa que se detengan las escrituras; usarla como condici\u00f3n para md_stop_writes() en raid_postsuspend() no parece correcta. Considere que el reentrante stop_sync_thread() no hace nada, siempre llame a md_stop_writes() en raid_postsuspend(). 4) raid_message puede establecer/borrar el indicador MD_RECOVERY_FROZEN en cualquier momento, y si MD_RECOVERY_FROZEN se borra mientras la matriz est\u00e1 suspendida, un nuevo sync_thread puede iniciarse inesperadamente. Solucione este problema al no permitir que raid_message() cambie el estado de sync_thread durante la suspensi\u00f3n. Tenga en cuenta que despu\u00e9s de confirmar f52f5c71f3d4 (\\\"md: arreglar la detenci\u00f3n del hilo de sincronizaci\u00f3n\\\"), la prueba shell/lvconvert-raid-reshape.sh comienza a bloquearse en stop_sync_thread(), y con las correcciones anteriores, la prueba ya no se bloquear\u00e1 all\u00ed, sin embargo , la prueba seguir\u00e1 fallondo y se quejar\u00e1 de que ext4 est\u00e1 da\u00f1ado. Y con este parche, la prueba no se bloquear\u00e1 debido a stop_sync_thread() ni fallar\u00e1 debido a que ext4 ya est\u00e1 da\u00f1ado. Sin embargo, todav\u00eda hay un punto muerto relacionado con dm-raid456 que se solucionar\u00e1 en los siguientes parches.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.