DEBIAN-CVE-2024-26962

In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in following cases reshape will never make progress hence IO will hang: 1) the array is read-only; 2) MDRECOVERYWAIT is set; 3) MDRECOVERYFROZEN is set; After commit c467e97f079f ("md/raid6: use valid sector values to determine if an I/O should wait on the reshape") fix the problem that IO across reshape position doesn't wait for reshape, the dm-raid test shell/lvconvert-raid-reshape.sh start to hang: [root@fedora ~]# cat /proc/979/stack [<0>] waitwoken+0x7d/0x90 [<0>] raid5makerequest+0x929/0x1d70 [raid456] [<0>] mdhandlerequest+0xc2/0x3b0 [mdmod] [<0>] raidmap+0x2c/0x50 [dmraid] [<0>] _mapbio+0x251/0x380 [dmmod] [<0>] dmsubmitbio+0x1f0/0x760 [dmmod] [<0>] _submitbio+0xc2/0x1c0 [<0>] submitbionoacctnocheck+0x17f/0x450 [<0>] submitbionoacct+0x2bc/0x780 [<0>] submitbio+0x70/0xc0 [<0>] mpagereadahead+0x169/0x1f0 [<0>] blkdevreadahead+0x18/0x30 [<0>] readpages+0x7c/0x3b0 [<0>] pagecacheraunbounded+0x1ab/0x280 [<0>] forcepagecachera+0x9e/0x130 [<0>] pagecachesyncra+0x3b/0x110 [<0>] filemapgetpages+0x143/0xa30 [<0>] filemapread+0xdc/0x4b0 [<0>] blkdevreaditer+0x75/0x200 [<0>] vfsread+0x272/0x460 [<0>] ksysread+0x7a/0x170 [<0>] _x64sysread+0x1c/0x30 [<0>] dosyscall64+0xc6/0x230 [<0>] entrySYSCALL64afterhwframe+0x6c/0x74 This is because reshape can't make progress. For md/raid, the problem doesn't exist because register new syncthread doesn't rely on the IO to be done any more: 1) If array is read-only, it can switch to read-write by ioctl/sysfs; 2) md/raid never set MDRECOVERYWAIT; 3) If MDRECOVERYFROZEN is set, mddevsuspend() doesn't hold 'reconfigmutex', hence it can be cleared and reshape can continue by sysfs api 'syncaction'. However, I'm not sure yet how to avoid the problem in dm-raid yet. This patch on the one hand make sure raidmessage() can't change syncthread() through raidmessage() after presuspend(), on the other hand detect the above 3 cases before wait for IO do be done in dmsuspend(), and let dm-raid requeue those IO.