| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024102131-CVE-2024-49959-ce09@gregkh>
Date: Mon, 21 Oct 2024 20:02:47 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()
to recover some journal space. But if an error occurs while executing
jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free
space right away, we try other branches, and if j_committing_transaction
is NULL (i.e., the tid is 0), we will get the following complain:
============================================
JBD2: I/O error when updating journal superblock for sdd-8.
__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available
__jbd2_log_wait_for_space: no way to get more journal space in sdd-8
------------[ cut here ]------------
WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0
Modules linked in:
CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1
RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0
Call Trace:
<TASK>
add_transaction_credits+0x5d1/0x5e0
start_this_handle+0x1ef/0x6a0
jbd2__journal_start+0x18b/0x340
ext4_dirty_inode+0x5d/0xb0
__mark_inode_dirty+0xe4/0x5d0
generic_update_time+0x60/0x70
[...]
============================================
So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to
clean up at the moment, continue to try to reclaim free space in other ways.
Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt
when updating journal superblock fails") to make jbd2_cleanup_journal_tail
return the correct error code.
The Linux kernel CVE team has assigned CVE-2024-49959 to this issue.
Affected and fixed versions
===========================
Issue introduced in 2.6.28 with commit 8c3f25d8950c and fixed in 5.10.227 with commit 481e8f18a290
Issue introduced in 2.6.28 with commit 8c3f25d8950c and fixed in 5.15.168 with commit ec7f8337c98a
Issue introduced in 2.6.28 with commit 8c3f25d8950c and fixed in 6.1.113 with commit 70bae48377a2
Issue introduced in 2.6.28 with commit 8c3f25d8950c and fixed in 6.6.55 with commit 1c62dc0d82c6
Issue introduced in 2.6.28 with commit 8c3f25d8950c and fixed in 6.10.14 with commit 3ced0fe6c0ef
Issue introduced in 2.6.28 with commit 8c3f25d8950c and fixed in 6.11.3 with commit c6bf043b210e
Issue introduced in 2.6.28 with commit 8c3f25d8950c and fixed in 6.12-rc1 with commit f5cacdc6f2bb
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-49959
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/jbd2/checkpoint.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed
https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a
https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019
https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5
https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138
https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913
https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a
Powered by blists - more mailing lists