CVE-2024-38582

Summary

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential hang in nilfs_detach_log_writer()

Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount.

Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below:

nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread –> Shut down log writer thread flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (if inode needs sync) nilfs_segctor_sync –> Attempt to synchronize with log writer thread *** DEADLOCK ***

Fix this issue by changing nilfs_segctor_sync() so that the log writer thread returns normally without synchronizing after it terminates, and by forcing tasks that are already waiting to complete once after the thread terminates.

The skipped inode metadata flushout will then be processed together in the subsequent cleanup work in nilfs_segctor_destroy().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < 911d38be151921a5d152bb55e81fd752384c6830affected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3baffected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < eff7cdf890b02596b8d73e910bdbdd489175dbdbaffected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < 06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfdaffected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < 1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0affected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < a8799662fed1f8747edae87a1937549288baca6aaffected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < 6e5c8e8e024e147b834f56f2115aad241433679baffected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < c516db6ab9eabbedbc430b4f93b0d8728e9b427faffected
LinuxLinux7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 < eb85dace897c5986bc2f36b3c783c6abb8a4292eaffected
LinuxLinuxc23f3a9fa7826af0465b9408b186f6b555991890affected
LinuxLinux28cd54f27d309bd65db8ff4b8e6275345287484caffected
LinuxLinuxec7cae16b37ab478d6d7e33e8563b24ca189e6cfaffected
LinuxLinuxd26f2dfa556323787ee1ebd5d03aeaa8650c7404affected
LinuxLinux52e87609d9d3ea34cadb5676e8ea85d025ac9632affected
LinuxLinux7bb9e4a06e12583f1418b669dc45bb3ee84496c6affected
LinuxLinux3.2.68 < 3.3affected
LinuxLinux3.4.107 < 3.5affected
LinuxLinux3.10.69 < 3.11affected
LinuxLinux3.12.38 < 3.13affected
LinuxLinux3.14.33 < 3.15affected
LinuxLinux3.18.7 < 3.19affected
LinuxLinux3.19affected
LinuxLinux0 < 3.19unaffected
LinuxLinux4.19.316 <= 4.19.*unaffected
LinuxLinux5.4.278 <= 5.4.*unaffected
LinuxLinux5.10.219 <= 5.10.*unaffected
LinuxLinux5.15.161 <= 5.15.*unaffected
LinuxLinux6.1.93 <= 6.1.*unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.8.12 <= 6.8.*unaffected
LinuxLinux6.9.3 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References