GHSA-VW3M-PVF6-GXW8
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2024-04-29 21:30In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between bd_link_disk_holder and partition scan
'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder(), it is used to protect the creation of symlink between holding disk and slave bdev, which introduces some issues.
When bd_link_disk_holder() is called, the driver is usually in the process of initialization/modification and may suspend submitting io. At this time, any io hold 'open_mutex', such as scanning partitions, can cause deadlocks. For example, in raid:
T1 T2 bdev_open_by_dev lock open_mutex [1] ... efi_partition ... md_submit_bio md_ioctl mddev_syspend -> suspend all io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> wait mddev_resume
T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.
Fix it by introducing a local mutex 'blk_holder_mutex' to replace 'open_mutex'.
{
"affected": [],
"aliases": [
"CVE-2024-26899"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between bd_link_disk_holder and partition scan\n\n\u0027open_mutex\u0027 of gendisk is used to protect open/close block devices. But\nin bd_link_disk_holder(), it is used to protect the creation of symlink\nbetween holding disk and slave bdev, which introduces some issues.\n\nWhen bd_link_disk_holder() is called, the driver is usually in the process\nof initialization/modification and may suspend submitting io. At this\ntime, any io hold \u0027open_mutex\u0027, such as scanning partitions, can cause\ndeadlocks. For example, in raid:\n\nT1 T2\nbdev_open_by_dev\n lock open_mutex [1]\n ...\n efi_partition\n ...\n md_submit_bio\n\t\t\t\tmd_ioctl mddev_syspend\n\t\t\t\t -\u003e suspend all io\n\t\t\t\t md_add_new_disk\n\t\t\t\t bind_rdev_to_array\n\t\t\t\t bd_link_disk_holder\n\t\t\t\t try lock open_mutex [2]\n md_handle_request\n -\u003e wait mddev_resume\n\nT1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume\nmddev, but T2 waits for open_mutex held by T1. Deadlock occurs.\n\nFix it by introducing a local mutex \u0027blk_holder_mutex\u0027 to replace\n\u0027open_mutex\u0027.",
"id": "GHSA-vw3m-pvf6-gxw8",
"modified": "2024-04-29T21:30:33Z",
"published": "2024-04-17T12:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26899"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03f12122b20b6e6028e9ed69030a49f9cffcbb75"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e5c5b0abaee7b62a10b9707a62083b71ad21f62"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a87c1f7993bc8ac358a3766bac5dc7126e01e98"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.