admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 11:11:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-357xx/CVE-2024-35784.json
cad-safe-bot e3dd58aac9 Auto-Update: 2024-05-17T20:00:39.166471+00:00
2024-05-17 20:03:31 +00:00

28 lines
2.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-35784",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T13:15:58.270",
"lastModified": "2024-05-17T18:35:35.070",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock with fiemap and extent locking\n\nWhile working on the patchset to remove extent locking I got a lockdep\nsplat with fiemap and pagefaulting with my new extent lock replacement\nlock.\n\nThis deadlock exists with our normal code, we just don't have lockdep\nannotations with the extent locking so we've never noticed it.\n\nSince we're copying the fiemap extent to user space on every iteration\nwe have the chance of pagefaulting. Because we hold the extent lock for\nthe entire range we could mkwrite into a range in the file that we have\nmmap'ed. This would deadlock with the following stack trace\n\n[<0>] lock_extent+0x28d/0x2f0\n[<0>] btrfs_page_mkwrite+0x273/0x8a0\n[<0>] do_page_mkwrite+0x50/0xb0\n[<0>] do_fault+0xc1/0x7b0\n[<0>] __handle_mm_fault+0x2fa/0x460\n[<0>] handle_mm_fault+0xa4/0x330\n[<0>] do_user_addr_fault+0x1f4/0x800\n[<0>] exc_page_fault+0x7c/0x1e0\n[<0>] asm_exc_page_fault+0x26/0x30\n[<0>] rep_movs_alternative+0x33/0x70\n[<0>] _copy_to_user+0x49/0x70\n[<0>] fiemap_fill_next_extent+0xc8/0x120\n[<0>] emit_fiemap_extent+0x4d/0xa0\n[<0>] extent_fiemap+0x7f8/0xad0\n[<0>] btrfs_fiemap+0x49/0x80\n[<0>] __x64_sys_ioctl+0x3e1/0xb50\n[<0>] do_syscall_64+0x94/0x1a0\n[<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nI wrote an fstest to reproduce this deadlock without my replacement lock\nand verified that the deadlock exists with our existing locking.\n\nTo fix this simply don't take the extent lock for the entire duration of\nthe fiemap. This is safe in general because we keep track of where we\nare when we're searching the tree, so if an ordered extent updates in\nthe middle of our fiemap call we'll still emit the correct extents\nbecause we know what offset we were on before.\n\nThe only place we maintain the lock is searching delalloc. Since the\ndelalloc stuff can change during writeback we want to lock the extent\nrange so we have a consistent view of delalloc at the time we're\nchecking to see if we need to set the delalloc flag.\n\nWith this patch applied we no longer deadlock with my testcase."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/89bca7fe6382d61e88c67a0b0e7bce315986fb8b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b0ad381fa7690244802aed119b478b4bdafc31dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink