ghsa-j5x4-gghq-7xhm
Vulnerability from github
Published
2024-05-20 12:30
Modified
2024-05-20 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix the pre-flush when appending to a file in writethrough mode

In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a buffered file. When setting up for write-through, we flush any conflicting writes in the region and wait for the write to complete, failing if there's a write error to return.

The issue arises if we're writing at or above the EOF position because we skip the flush and - more importantly - the wait. This becomes a problem if there's a partial folio at the end of the file that is being written out and we want to make a write to it too. Both the already-running write and the write we start both want to clear the writeback mark, but whoever is second causes a warning looking something like:

------------[ cut here ]------------
R=00000012: folio 11 is not under writeback
WARNING: CPU: 34 PID: 654 at fs/netfs/write_collect.c:105
...
CPU: 34 PID: 654 Comm: kworker/u386:27 Tainted: G S ...
...
Workqueue: events_unbound netfs_write_collection_worker
...
RIP: 0010:netfs_writeback_lookup_folio

Fix this by making the flush-and-wait unconditional. It will do nothing if there are no folios in the pagecache and will return quickly if there are no folios in the region specified.

Further, move the WBC attachment above the flush call as the flush is going to attach a WBC and detach it again if it is not present - and since we need one anyway we might as well share it.

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2024-36001"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-20T10:15:14Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix the pre-flush when appending to a file in writethrough mode\n\nIn netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH\nor O_*SYNC or RWF_*SYNC was specified, write-through caching is performed\non a buffered file.  When setting up for write-through, we flush any\nconflicting writes in the region and wait for the write to complete,\nfailing if there\u0027s a write error to return.\n\nThe issue arises if we\u0027re writing at or above the EOF position because we\nskip the flush and - more importantly - the wait.  This becomes a problem\nif there\u0027s a partial folio at the end of the file that is being written out\nand we want to make a write to it too.  Both the already-running write and\nthe write we start both want to clear the writeback mark, but whoever is\nsecond causes a warning looking something like:\n\n    ------------[ cut here ]------------\n    R=00000012: folio 11 is not under writeback\n    WARNING: CPU: 34 PID: 654 at fs/netfs/write_collect.c:105\n    ...\n    CPU: 34 PID: 654 Comm: kworker/u386:27 Tainted: G S ...\n    ...\n    Workqueue: events_unbound netfs_write_collection_worker\n    ...\n    RIP: 0010:netfs_writeback_lookup_folio\n\nFix this by making the flush-and-wait unconditional.  It will do nothing if\nthere are no folios in the pagecache and will return quickly if there are\nno folios in the region specified.\n\nFurther, move the WBC attachment above the flush call as the flush is going\nto attach a WBC and detach it again if it is not present - and since we\nneed one anyway we might as well share it.",
  "id": "GHSA-j5x4-gghq-7xhm",
  "modified": "2024-05-20T12:30:30Z",
  "published": "2024-05-20T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36001"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5eaf23b2e81349f6614f88396dc468fda89fc0b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c97f59e276d4e93480f29a70accbd0d7273cf3f5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.