CVE-2024-35794: dm-raid: really frozen sync_thread during suspend
First published: Fri May 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen sync_thread indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in md_stop_writes(), and since stop_sync_thread() is only used for dm-raid in this case, also move stop_sync_thread() to md_stop_writes(). 2) The flag MD_RECOVERY_FROZEN doesn't mean that sync thread is frozen, it only prevent new sync_thread to start, and it can't stop the running sync thread; In order to frozen sync_thread, after seting the flag, stop_sync_thread() should be used. 3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped, use it as condition for md_stop_writes() in raid_postsuspend() doesn't look correct. Consider that reentrant stop_sync_thread() do nothing, always call md_stop_writes() in raid_postsuspend(). 4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime, and if MD_RECOVERY_FROZEN is cleared while the array is suspended, new sync_thread can start unexpected. Fix this by disallow raid_message() to change sync_thread status during suspend. Note that after commit f52f5c71f3d4 ("md: fix stopping sync thread"), the test shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(), and with previous fixes, the test won't hang there anymore, however, the test will still fail and complain that ext4 is corrupted. And with this patch, the test won't hang due to stop_sync_thread() or fail due to ext4 is corrupted anymore. However, there is still a deadlock related to dm-raid456 that will be fixed in following patches.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.7.12 | 6.7.12 |
| redhat/kernel | <6.8.3 | 6.8.3 |
| redhat/kernel | <6.9 | 6.9 |
| debian/linux | <=5.10.223-1<=5.10.226-1<=6.1.115-1<=6.1.119-1 | 6.12.5-1 6.12.6-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73
- https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b
- https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab
- https://launchpad.net/bugs/cve/CVE-2024-35794
- https://access.redhat.com/security/cve/CVE-2024-35794
- https://lore.kernel.org/linux-cve-announce/2024051709-CVE-2024-35794-f42d@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2281046
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2281045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35794
- https://nvd.nist.gov/vuln/detail/CVE-2024-35794
- https://security-tracker.debian.org/tracker/CVE-2024-35794
- https://ubuntu.com/security/CVE-2024-35794
- https://git.kernel.org/linus/16c4770c75b1223998adbeb7286f9a15c65fba73
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-35794
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- agent/trending
- package-manager/redhat
- package-manager/debian