| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024072933-conical-chevy-f9c4@gregkh> Date: Mon, 29 Jul 2024 15:07:55 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Filipe Manana <fdmanana@...nel.org> Cc: cve@...nel.org, linux-kernel@...r.kernel.org, linux-cve-announce@...r.kernel.org Subject: Re: CVE-2024-26905: btrfs: fix data races when accessing the reserved amount of block reserves On Mon, Jul 29, 2024 at 01:46:37PM +0100, Filipe Manana wrote: > On Wed, Apr 17, 2024 at 12:29:20PM +0200, Greg Kroah-Hartman wrote: > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > btrfs: fix data races when accessing the reserved amount of block reserves > > > > Greg, can you clarify why is this being classified as a CVE? The text of the changelog made it sound like a race condition that was being fixed, except for this bit: > > So add a helper to get the reserved amount of a block reserve while > > holding the lock. The value may be not be up to date anymore when used by > > need_preemptive_reclaim() and btrfs_preempt_reclaim_metadata_space(), but > > that's ok since the worst it can do is cause more reclaim work do be done > > sooner rather than later. Reading the field while holding the lock instead > > of using the data_race() annotation is used in order to prevent load > > tearing. That paragraph explains that this really isn't a vulnerability, sorry about that. I'll go reject this CVE id now, thanks for the review! greg k-h
Powered by blists - more mailing lists