In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix deadlock that raid5d() wait for itself to clear MDSBCHANGE_PENDING
Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with small possibility, the root cause is exactly the same as commit bed9e27baf52 ("Revert "md/raid5: Wait for MDSBCHANGE_PENDING in raid5d"")
However, Dan reported another hang after that, and junxiao investigated the problem and found out that this is caused by plugged bio can't issue from raid5d().
Current implementation in raid5d() has a weird dependence:
1) mdcheckrecovery() from raid5d() must hold 'reconfigmutex' to clear MDSBCHANGEPENDING; 2) raid5d() handles IO in a deadloop, until all IO are issued; 3) IO from raid5d() must wait for MDSBCHANGE_PENDING to be cleared;
This behaviour is introduce before v2.6, and for consequence, if other context hold 'reconfigmutex', and mdcheckrecovery() can't update superblock, then raid5d() will waste one cpu 100% by the deadloop, until 'reconfig_mutex' is released.
Refer to the implementation from raid1 and raid10, fix this problem by skipping issue IO if MDSBCHANGEPENDING is still set after mdcheckrecovery(), daemon thread will be woken up when 'reconfigmutex' is released. Meanwhile, the hang problem will be fixed as well.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-178a9df5", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa64464c8f4d2ab92f6d0b959a1e0767b829d787" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-1b092bcd", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@634ba3c97ec413cb10681c7b196db43ee461ecf4" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-26de847e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b32aa95843cac6b12c2c014d40fca18aef24a347" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-31bb9ba2", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd2538e5af495b3c747e503db346470fc1ffc447" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-485641cc", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@634ba3c97ec413cb10681c7b196db43ee461ecf4" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-4da2b35f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e332a12f65d8fed8cf63bedb4e9317bb872b9ac7" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-5e5b92d9", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa64464c8f4d2ab92f6d0b959a1e0767b829d787" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-68c84b8b", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@098d54934814dd876963abfe751c3b1cf7fbe56a" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-6c413ee0", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-79c88378", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@098d54934814dd876963abfe751c3b1cf7fbe56a" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-8f86730f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-9fab9ad3", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-b44b6658", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e332a12f65d8fed8cf63bedb4e9317bb872b9ac7" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-d33a3560", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b32aa95843cac6b12c2c014d40fca18aef24a347" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/md/raid5.c", "function": "raid5d" }, "signature_version": "v1", "digest": { "length": 1724.0, "function_hash": "96324287631028732465890942630476826590" }, "id": "CVE-2024-39476-e80756ae", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/md/raid5.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203450593187417134865919732362112555768", "278988583579029748520814146181839650199", "300588737198898252966635575821145912626", "266925357213829068113765661361375998666", "224251078718362826731420155260888711513", "79056830828962628813288656592437717730", "120952738361646405035422598515687047723", "171634925522678773724955175765310680837", "208204713004014802966714555341255501367", "55688420834565913623682185596254789069", "32441349880113208678210752657427219904", "215295511370325297438549760595694734160", "158597485849340371542463909352146294101" ], "threshold": 0.9 }, "id": "CVE-2024-39476-faedd480", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd2538e5af495b3c747e503db346470fc1ffc447" } ] }