Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
md/raid5-cache: fix a deadlock in r5l_exit_log()
Commit b13015af94cf (“md/raid5-cache: Clear conf->log after finishing work”) introduces a new problem:
    // caller hold reconfig_mutex
    r5l_exit_log
     flush_work(&log->disable_writeback_work)
                            r5c_disable_writeback_async
                             wait_event
                              /*
                               * conf->log is not NULL, and mddev_trylock()
                               * will fail, wait_event() can never pass.
                               */
     conf->log = NULL
Fix this problem by setting ‘config->log’ to NULL before wake_up() as it used to be, so that wait_event() from r5c_disable_writeback_async() can exist. In the meantime, move forward md_unregister_thread() so that null-ptr-deref this commit fixed can still be fixed.
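The ordering problem described above, as a single-threaded userspace model in C. This is an added example, not kernel code and not taken from the fix; the struct, enum and helper names are assumptions, and the wait condition is modeled only from the comment in the trace.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the advisory's trace; state and helpers are assumptions. */
struct md_model {
    bool reconfig_mutex_held; /* held by the caller of r5l_exit_log() */
    bool log_set;             /* models conf->log != NULL */
    bool worker_done;         /* r5c_disable_writeback_async() returned */
};

enum clear_order { CLEAR_AFTER_FLUSH, CLEAR_BEFORE_FLUSH };

/* wait_event() condition as described: conf->log is NULL or mddev_trylock() succeeds. */
static bool wait_event_passes(const struct md_model *m)
{
    bool trylock_ok = !m->reconfig_mutex_held;
    return !m->log_set || trylock_ok;
}

/* flush_work(): the flusher changes no state while it waits, so if the
 * worker's condition is false now it stays false forever (deadlock). */
static bool flush_work_returns(struct md_model *m)
{
    if (!m->worker_done && !wait_event_passes(m))
        return false;
    m->worker_done = true;
    return true;
}

/* Returns true when r5l_exit_log() runs to completion, false when it hangs. */
bool exit_log_completes(enum clear_order order, bool caller_holds_mutex)
{
    struct md_model m = { caller_holds_mutex, true, false };

    if (order == CLEAR_BEFORE_FLUSH)
        m.log_set = false;            /* conf->log = NULL; then wake_up() */
    if (!flush_work_returns(&m))
        return false;                 /* stuck inside flush_work() */
    m.log_set = false;                /* regressed order clears it only here */
    return true;
}

int main(void)
{
    printf("clear after flush, mutex held:  %s\n",
           exit_log_completes(CLEAR_AFTER_FLUSH, true) ? "completes" : "deadlock");
    printf("clear before flush, mutex held: %s\n",
           exit_log_completes(CLEAR_BEFORE_FLUSH, true) ? "completes" : "deadlock");
    return 0;
}
```

On a live system the hung case would typically show up as the task that called r5l_exit_log() blocked in flush_work() while the disable_writeback_work worker sits in wait_event().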
Details
- Affected product:
- AlmaLinux 9.2 ESU, CentOS 8.4 ELS, CentOS 8.5 ELS, CentOS Stream 8 ELS, TuxCare 9.6 ESU
- Affected packages:
- kernel @ 4.18.0 (+4 more)