CVE-2024-26899 Information

Description

In the Linux kernel the following vulnerability has been resolved:

block: fix deadlock between bd_link_disk_holder and partition scan

‘open_mutex’ of gendisk is used to protect open/close block devices. But in bd_link_disk_holder() it is used to protect the creation of symlink between holding disk and slave bdev which introduces some issues.

When bd_link_disk_holder() is called the driver is usually in the process of initialization/modification and may suspend submitting io. At this time any io hold ‘open_mutex’ such as scanning partitions can cause deadlocks. For example in raid:

T1 T2 bdev_open_by_dev lock open_mutex [1] … efi_partition … md_submit_bio md_ioctl mddev_syspend -> suspend all io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> wait mddev_resume

T1 scan partition T2 add a new device to raid. T1 waits for T2 to resume mddev but T2 waits for open_mutex held by T1. Deadlock occurs.

Fix it by introducing a local mutex ‘blk_holder_mutex’ to replace ‘open_mutex’.

Reference

https://git.kernel.org/stable/c/1e5c5b0abaee7b62a10b9707a62083b71ad21f62 https://git.kernel.org/stable/c/5a87c1f7993bc8ac358a3766bac5dc7126e01e98 https://git.kernel.org/stable/c/03f12122b20b6e6028e9ed69030a49f9cffcbb75