ghsa-x63m-j7x3-7j84
Vulnerability from github
Published
2024-12-29 12:30
Modified
2025-01-08 00:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()

syzbot reports deadlock issue of f2fs as below:

====================================================== WARNING: possible circular locking dependency detected 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted

kswapd0/79 is trying to acquire lock: ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068

but task is already holding lock: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [inline] __sb_start_write include/linux/fs.h:1716 [inline] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 evict+0x4e8/0x9b0 fs/inode.c:725 dispose_list fs/inode.c:774 [inline] prune_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 do_shrink_slab+0x701/0x1160 mm/shrinker.c:435 shrink_slab+0x1093/0x14d0 mm/shrinker.c:662 shrink_one+0x43b/0x850 mm/vmscan.c:4818 shrink_many mm/vmscan.c:4879 [inline] lru_gen_shrink_node mm/vmscan.c:4957 [inline] shrink_node+0x3799/0x3de0 mm/vmscan.c:5937 kswapd_shrink_node mm/vmscan.c:6765 [inline] balance_pgdat mm/vmscan.c:6957 [inline] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [inline] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [inline] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 write_inode fs/fs-writeback.c:1503 [inline] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:228 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f ---truncated---

Show details on source website

To clipboard 

{
   affected: [],
   aliases: [
      "CVE-2024-56744",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-667",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-12-29T12:15:07Z",
      severity: "MODERATE",
   },
   details: "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()\n\nsyzbot reports deadlock issue of f2fs as below:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted\n------------------------------------------------------\nkswapd0/79 is trying to acquire lock:\nffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline]\nffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068\n\nbut task is already holding lock:\nffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #2 (sb_internal#2){.+.+}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]\n       __sb_start_write include/linux/fs.h:1716 [inline]\n       sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899\n       f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       dispose_list fs/inode.c:774 [inline]\n       prune_icache_sb+0x239/0x2f0 fs/inode.c:963\n       super_cache_scan+0x38c/0x4b0 fs/super.c:223\n       do_shrink_slab+0x701/0x1160 mm/shrinker.c:435\n       shrink_slab+0x1093/0x14d0 mm/shrinker.c:662\n       shrink_one+0x43b/0x850 mm/vmscan.c:4818\n       shrink_many mm/vmscan.c:4879 [inline]\n       lru_gen_shrink_node mm/vmscan.c:4957 [inline]\n       shrink_node+0x3799/0x3de0 mm/vmscan.c:5937\n       kswapd_shrink_node mm/vmscan.c:6765 [inline]\n       balance_pgdat mm/vmscan.c:6957 [inline]\n       kswapd+0x1ca3/0x3700 mm/vmscan.c:7226\n       kthread+0x2f0/0x390 kernel/kthread.c:389\n       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n-> #1 (fs_reclaim){+.+.}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       __fs_reclaim_acquire mm/page_alloc.c:3834 [inline]\n       fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848\n       might_alloc include/linux/sched/mm.h:318 [inline]\n       prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493\n       __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722\n       alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265\n       alloc_pages_noprof mm/mempolicy.c:2345 [inline]\n       folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352\n       filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010\n       do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787\n       read_mapping_folio include/linux/pagemap.h:1011 [inline]\n       f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032\n       f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079\n       f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174\n       f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785\n       write_inode fs/fs-writeback.c:1503 [inline]\n       __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723\n       writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779\n       sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849\n       f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941\n       __fput+0x23f/0x880 fs/file_table.c:431\n       task_work_run+0x24f/0x310 kernel/task_work.c:228\n       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n       exit_to_user_mode_loop kernel/entry/common.c:114 [inline]\n       exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]\n       __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n       syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218\n       do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n---truncated---",
   id: "GHSA-x63m-j7x3-7j84",
   modified: "2025-01-08T00:30:48Z",
   published: "2024-12-29T12:30:41Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-56744",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/1539a088b108996bcdaddb7775070b5163b14233",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/801092a2c9c251ef6a8678fcb8fcc1220474a697",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/ecf4e6782b01fd578b565b3dd2be7bb0ac91082e",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/f10a890308a7cd8794e21f646f09827c6cb4bf5d",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
         type: "CVSS_V3",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.