CVE-2024-56565
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56565
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56565.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-56565
- Downstream
- Related
- Published
- 2024-12-27T15:15:15Z
- Modified
- 2025-08-09T19:01:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to drop all discards after creating snapshot on lvm device
Piergiorgio reported a bug in bugzilla as below:
------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:_submitdiscardcmd+0x27d/0x400 [f2fs] Call Trace: _issuediscardcmd+0x1ca/0x350 [f2fs] issuediscardthread+0x191/0x480 [f2fs] kthread+0xcf/0x100 retfromfork+0x31/0x50 retfromfork_asm+0x1a/0x30
w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs
The root cause is: it will update discardmaxbytes of mounted lvm device to zero after creating snapshot on this lvm device, then, _submitdiscardcmd() will pass parameter @nrsects w/ zero value to _blkdevissue_discard(), it returns a NULL bio pointer, result in panic.
This patch changes as below for fixing: 1. Let's drop all remained discards in f2fsunfreeze() if snapshot of lvm device is created. 2. Checking discardmaxbytes before submitting discard during _submitdiscardcmd().
- References