In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (_foliostart_writeback in the log below):
kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:_foliostartwriteback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfssegctordoconstruct+0x4654/0x69d0 [nilfs2] nilfssegctorconstruct+0x181/0x6b0 [nilfs2] nilfssegctorthread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 retfromfork+0x4b/0x80 retfromfork_asm+0x1a/0x30 </TASK>
This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state.
Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state.
{ "vanir_signatures": [ { "digest": { "length": 856.0, "function_hash": "316306548627646951953642545050599537715" }, "target": { "function": "nilfs_segctor_prepare_write", "file": "fs/nilfs2/segment.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a75b8f493dfc48aa38c518430bd9e03b53bffebe", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-24f17503" }, { "digest": { "line_hashes": [ "129877492048708149726601897777855419346", "203132678433136416978757044801728659977", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092", "309792070277782339236564634337213885296", "167350998526231151802592436098252681453", "277109855534782999847360458989109745850", "34311916392602206778189505469559704092", "111961026077803337126247111528982156859", "81257401649370001759584123531886451610", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092" ], "threshold": 0.9 }, "target": { "file": "fs/nilfs2/segment.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33900d7eae616647e179eee1c66ebe654ee39627", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-2696bc53" }, { "digest": { "length": 856.0, "function_hash": "316306548627646951953642545050599537715" }, "target": { "function": "nilfs_segctor_prepare_write", "file": "fs/nilfs2/segment.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33900d7eae616647e179eee1c66ebe654ee39627", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-2f9f5d73" }, { "digest": { "line_hashes": [ "129877492048708149726601897777855419346", "203132678433136416978757044801728659977", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092", "309792070277782339236564634337213885296", "167350998526231151802592436098252681453", "277109855534782999847360458989109745850", "34311916392602206778189505469559704092", "111961026077803337126247111528982156859", "81257401649370001759584123531886451610", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092" ], "threshold": 0.9 }, "target": { "file": "fs/nilfs2/segment.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a75b8f493dfc48aa38c518430bd9e03b53bffebe", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-3ee964b4" }, { "digest": { "length": 862.0, "function_hash": "318366746864941799261426264145642974652" }, "target": { "function": "nilfs_segctor_prepare_write", "file": "fs/nilfs2/segment.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-522a7ca8" }, { "digest": { "line_hashes": [ "220918916414400514784490145924723065408", "114558428351396785078868715599949934083", "223620553096265070230253760006001064113", "91178036765875891821057386411940590252", "176073242666574915963372934100856099371", "92070536779151431382591708348328278285", "21157069408186284936728448961046081975", "91178036765875891821057386411940590252", "84503769475353263577135693815523306802", "298883812838846536457513254165733744319", "223620553096265070230253760006001064113", "91178036765875891821057386411940590252" ], "threshold": 0.9 }, "target": { "file": "fs/nilfs2/segment.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-56372e28" }, { "digest": { "line_hashes": [ "129877492048708149726601897777855419346", "203132678433136416978757044801728659977", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092", "309792070277782339236564634337213885296", "167350998526231151802592436098252681453", "277109855534782999847360458989109745850", "34311916392602206778189505469559704092", "111961026077803337126247111528982156859", "81257401649370001759584123531886451610", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092" ], "threshold": 0.9 }, "target": { "file": "fs/nilfs2/segment.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0ecfe3a92869a59668d27228dabbd7965e83567f", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-6f115af6" }, { "digest": { "length": 856.0, "function_hash": "316306548627646951953642545050599537715" }, "target": { "function": "nilfs_segctor_prepare_write", "file": "fs/nilfs2/segment.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0ecfe3a92869a59668d27228dabbd7965e83567f", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-7a427f60" }, { "digest": { "line_hashes": [ "129877492048708149726601897777855419346", "203132678433136416978757044801728659977", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092", "309792070277782339236564634337213885296", "167350998526231151802592436098252681453", "277109855534782999847360458989109745850", "34311916392602206778189505469559704092", "111961026077803337126247111528982156859", "81257401649370001759584123531886451610", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092" ], "threshold": 0.9 }, "target": { "file": "fs/nilfs2/segment.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95f6f81e50d858a7c9aa7c795ec14a0ac3819118", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-aaace093" }, { "digest": { "line_hashes": [ "129877492048708149726601897777855419346", "203132678433136416978757044801728659977", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092", "309792070277782339236564634337213885296", "167350998526231151802592436098252681453", "277109855534782999847360458989109745850", "34311916392602206778189505469559704092", "111961026077803337126247111528982156859", "81257401649370001759584123531886451610", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092" ], "threshold": 0.9 }, "target": { "file": "fs/nilfs2/segment.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@614d397be0cf43412b3f94a0f6460eddced8ce92", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-bf112beb" }, { "digest": { "length": 856.0, "function_hash": "316306548627646951953642545050599537715" }, "target": { "function": "nilfs_segctor_prepare_write", "file": "fs/nilfs2/segment.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95f6f81e50d858a7c9aa7c795ec14a0ac3819118", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-c04f8737" }, { "digest": { "length": 856.0, "function_hash": "316306548627646951953642545050599537715" }, "target": { "function": "nilfs_segctor_prepare_write", "file": "fs/nilfs2/segment.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@271dcd977ccda8c7a26e360425ae7b4db7d2ecc0", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-c4f2f65d" }, { "digest": { "line_hashes": [ "129877492048708149726601897777855419346", "203132678433136416978757044801728659977", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092", "309792070277782339236564634337213885296", "167350998526231151802592436098252681453", "277109855534782999847360458989109745850", "34311916392602206778189505469559704092", "111961026077803337126247111528982156859", "81257401649370001759584123531886451610", "88375867850393892888271844050265955252", "34311916392602206778189505469559704092" ], "threshold": 0.9 }, "target": { "file": "fs/nilfs2/segment.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@271dcd977ccda8c7a26e360425ae7b4db7d2ecc0", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-cdc73979" }, { "digest": { "length": 856.0, "function_hash": "316306548627646951953642545050599537715" }, "target": { "function": "nilfs_segctor_prepare_write", "file": "fs/nilfs2/segment.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@614d397be0cf43412b3f94a0f6460eddced8ce92", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-37078-d3c9db46" } ] }