In the Linux kernel, the following vulnerability has been resolved:
aoe: avoid potential deadlock at set_capacity
Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
[1] lock(&bdev->bdsizelock); localirqdisable(); [2] lock(&d->lock); [3] lock(&bdev->bdsizelock); <Interrupt> [4] lock(&d->lock);
* DEADLOCK *
Where 1 hold by zramadd()->setcapacity(). [2]lock(&d->lock) hold by aoeblkgdalloc(). And aoeblkgdalloc() is trying to acquire 3 at setcapacity() call. In this situation an attempt to acquire [4]lock(&d->lock) from aoecmdcfg_rsp() will lead to deadlock.
So the simplest solution is breaking lock dependency 2 -> 3 by moving set_capacity() outside.
[ { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@673629018ba04906899dcb631beec34d871f709c", "signature_version": "v1", "target": { "function": "aoeblk_gdalloc", "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "function_hash": "14427501321545158831035707598984021908", "length": 2505.0 }, "id": "CVE-2024-26775-6fff325c" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2499fa286fb010ceb289950050199f33c26667b9", "signature_version": "v1", "target": { "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "309846098917636942833062511076903262262", "125686394243466950647890415728604944858", "70826467374502875951501321815029826311", "187564836750342392453185162108177571016", "255869821047090650592226056393056257339", "2630903451770442907576822437615740654", "271695623426249941740604660729609040597", "129174553412112772679157503964133305289", "116186854164865620059866793875938983780", "321921891532137274801954581756032901670", "255248672821152095420743337495226931193" ] }, "id": "CVE-2024-26775-82bcf666" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2499fa286fb010ceb289950050199f33c26667b9", "signature_version": "v1", "target": { "function": "aoeblk_gdalloc", "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "function_hash": "162784984732652332685650739398192716320", "length": 2417.0 }, "id": "CVE-2024-26775-8a099b47" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2d623c94fbba3554f4446ba6f3c764994e8b0d26", "signature_version": "v1", "target": { "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "309846098917636942833062511076903262262", "125686394243466950647890415728604944858", "70826467374502875951501321815029826311", "187564836750342392453185162108177571016", "255869821047090650592226056393056257339", "2630903451770442907576822437615740654", "271695623426249941740604660729609040597", "129174553412112772679157503964133305289", "161068345504105214945676068496031196305", "136239461208309290413710434269317812332", "55778411789215340178564759626428781711" ] }, "id": "CVE-2024-26775-8f063447" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19a77b27163820f793b4d022979ffdca8f659b77", "signature_version": "v1", "target": { "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "309846098917636942833062511076903262262", "125686394243466950647890415728604944858", "70826467374502875951501321815029826311", "187564836750342392453185162108177571016", "255869821047090650592226056393056257339", "2630903451770442907576822437615740654", "271695623426249941740604660729609040597", "129174553412112772679157503964133305289", "161068345504105214945676068496031196305", "136239461208309290413710434269317812332", "55778411789215340178564759626428781711" ] }, "id": "CVE-2024-26775-97555c34" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@673629018ba04906899dcb631beec34d871f709c", "signature_version": "v1", "target": { "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "309846098917636942833062511076903262262", "125686394243466950647890415728604944858", "70826467374502875951501321815029826311", "187564836750342392453185162108177571016", "255869821047090650592226056393056257339", "2630903451770442907576822437615740654", "271695623426249941740604660729609040597", "129174553412112772679157503964133305289", "161068345504105214945676068496031196305", "136239461208309290413710434269317812332", "55778411789215340178564759626428781711" ] }, "id": "CVE-2024-26775-b055e2af" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e169bd4fb2b36c4b2bee63c35c740c85daeb2e86", "signature_version": "v1", "target": { "function": "aoeblk_gdalloc", "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "function_hash": "163518177429406311312413651737671333908", "length": 2491.0 }, "id": "CVE-2024-26775-c8ea8244" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19a77b27163820f793b4d022979ffdca8f659b77", "signature_version": "v1", "target": { "function": "aoeblk_gdalloc", "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "function_hash": "14427501321545158831035707598984021908", "length": 2505.0 }, "id": "CVE-2024-26775-dddcc999" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e169bd4fb2b36c4b2bee63c35c740c85daeb2e86", "signature_version": "v1", "target": { "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "309846098917636942833062511076903262262", "125686394243466950647890415728604944858", "70826467374502875951501321815029826311", "187564836750342392453185162108177571016", "255869821047090650592226056393056257339", "2630903451770442907576822437615740654", "271695623426249941740604660729609040597", "129174553412112772679157503964133305289", "161068345504105214945676068496031196305", "136239461208309290413710434269317812332", "55778411789215340178564759626428781711" ] }, "id": "CVE-2024-26775-e4083b27" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2d623c94fbba3554f4446ba6f3c764994e8b0d26", "signature_version": "v1", "target": { "function": "aoeblk_gdalloc", "file": "drivers/block/aoe/aoeblk.c" }, "digest": { "function_hash": "14427501321545158831035707598984021908", "length": 2505.0 }, "id": "CVE-2024-26775-eb64c2eb" } ]