In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (_foliostart_writeback in the log below):
kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:_foliostartwriteback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfssegctordoconstruct+0x4654/0x69d0 [nilfs2] nilfssegctorconstruct+0x181/0x6b0 [nilfs2] nilfssegctorthread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 retfromfork+0x4b/0x80 retfromfork_asm+0x1a/0x30 </TASK>
This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state.
Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state.
[
{
"signature_type": "Function",
"id": "CVE-2024-37078-24f17503",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a75b8f493dfc48aa38c518430bd9e03b53bffebe",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "316306548627646951953642545050599537715",
"length": 856.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-2696bc53",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33900d7eae616647e179eee1c66ebe654ee39627",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129877492048708149726601897777855419346",
"203132678433136416978757044801728659977",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092",
"309792070277782339236564634337213885296",
"167350998526231151802592436098252681453",
"277109855534782999847360458989109745850",
"34311916392602206778189505469559704092",
"111961026077803337126247111528982156859",
"81257401649370001759584123531886451610",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-37078-2f9f5d73",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33900d7eae616647e179eee1c66ebe654ee39627",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "316306548627646951953642545050599537715",
"length": 856.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-3ee964b4",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a75b8f493dfc48aa38c518430bd9e03b53bffebe",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129877492048708149726601897777855419346",
"203132678433136416978757044801728659977",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092",
"309792070277782339236564634337213885296",
"167350998526231151802592436098252681453",
"277109855534782999847360458989109745850",
"34311916392602206778189505469559704092",
"111961026077803337126247111528982156859",
"81257401649370001759584123531886451610",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-37078-522a7ca8",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "318366746864941799261426264145642974652",
"length": 862.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-56372e28",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"220918916414400514784490145924723065408",
"114558428351396785078868715599949934083",
"223620553096265070230253760006001064113",
"91178036765875891821057386411940590252",
"176073242666574915963372934100856099371",
"92070536779151431382591708348328278285",
"21157069408186284936728448961046081975",
"91178036765875891821057386411940590252",
"84503769475353263577135693815523306802",
"298883812838846536457513254165733744319",
"223620553096265070230253760006001064113",
"91178036765875891821057386411940590252"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-606870dc",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4ca369ca221bb7e06c725792ac107f0e48e82e7",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"220918916414400514784490145924723065408",
"114558428351396785078868715599949934083",
"223620553096265070230253760006001064113",
"91178036765875891821057386411940590252",
"176073242666574915963372934100856099371",
"92070536779151431382591708348328278285",
"21157069408186284936728448961046081975",
"91178036765875891821057386411940590252",
"84503769475353263577135693815523306802",
"298883812838846536457513254165733744319",
"223620553096265070230253760006001064113",
"91178036765875891821057386411940590252"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-6f115af6",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0ecfe3a92869a59668d27228dabbd7965e83567f",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129877492048708149726601897777855419346",
"203132678433136416978757044801728659977",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092",
"309792070277782339236564634337213885296",
"167350998526231151802592436098252681453",
"277109855534782999847360458989109745850",
"34311916392602206778189505469559704092",
"111961026077803337126247111528982156859",
"81257401649370001759584123531886451610",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-37078-7a427f60",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0ecfe3a92869a59668d27228dabbd7965e83567f",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "316306548627646951953642545050599537715",
"length": 856.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-aaace093",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95f6f81e50d858a7c9aa7c795ec14a0ac3819118",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129877492048708149726601897777855419346",
"203132678433136416978757044801728659977",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092",
"309792070277782339236564634337213885296",
"167350998526231151802592436098252681453",
"277109855534782999847360458989109745850",
"34311916392602206778189505469559704092",
"111961026077803337126247111528982156859",
"81257401649370001759584123531886451610",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-bf112beb",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@614d397be0cf43412b3f94a0f6460eddced8ce92",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129877492048708149726601897777855419346",
"203132678433136416978757044801728659977",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092",
"309792070277782339236564634337213885296",
"167350998526231151802592436098252681453",
"277109855534782999847360458989109745850",
"34311916392602206778189505469559704092",
"111961026077803337126247111528982156859",
"81257401649370001759584123531886451610",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-37078-c04f8737",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95f6f81e50d858a7c9aa7c795ec14a0ac3819118",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "316306548627646951953642545050599537715",
"length": 856.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-37078-c4f2f65d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@271dcd977ccda8c7a26e360425ae7b4db7d2ecc0",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "316306548627646951953642545050599537715",
"length": 856.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-37078-cdc73979",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@271dcd977ccda8c7a26e360425ae7b4db7d2ecc0",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/nilfs2/segment.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129877492048708149726601897777855419346",
"203132678433136416978757044801728659977",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092",
"309792070277782339236564634337213885296",
"167350998526231151802592436098252681453",
"277109855534782999847360458989109745850",
"34311916392602206778189505469559704092",
"111961026077803337126247111528982156859",
"81257401649370001759584123531886451610",
"88375867850393892888271844050265955252",
"34311916392602206778189505469559704092"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-37078-d3c9db46",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@614d397be0cf43412b3f94a0f6460eddced8ce92",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "316306548627646951953642545050599537715",
"length": 856.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-37078-decb6f85",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4ca369ca221bb7e06c725792ac107f0e48e82e7",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nilfs_segctor_prepare_write",
"file": "fs/nilfs2/segment.c"
},
"digest": {
"function_hash": "318366746864941799261426264145642974652",
"length": 862.0
}
}
]