DEBIAN-CVE-2023-53791

Source
https://security-tracker.debian.org/tracker/CVE-2023-53791
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53791.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53791
Upstream
Published
2025-12-09T01:16:50.570Z
Modified
2025-12-10T10:17:35.907618Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

md: fix warning for holder mismatch from export_rdev()

Commit a1d767191096 ("md: use mddev->external to select holder in export_rdev()") fixed the problem that 'claim_rdev' is used for blkdev_get_by_dev() while 'rdev' is used for blkdev_put().

However, if mddev->external is changed from 0 to 1, then 'rdev' is used for blkdev_get_by_dev() while 'claim_rdev' is used for blkdev_put(). And this problem can be reproduced reliably by the following:

New file: mdadm/tests/23rdev-lifetime

    devname=${dev0##*/}
    devt=`cat /sys/block/$devname/dev`
    pid=""
    runtime=2

    clean_up_test() {
        kill -9 $pid
        echo clear > /sys/block/md0/md/array_state
    }

    trap 'clean_up_test' EXIT

    add_by_sysfs() {
        while true; do
            echo $devt > /sys/block/md0/md/new_dev
        done
    }

    remove_by_sysfs(){
        while true; do
            echo remove > /sys/block/md0/md/dev-${devname}/state
        done
    }

    echo md0 > /sys/module/md_mod/parameters/new_array || die "create md0 failed"

    add_by_sysfs &
    pid="$pid $!"

    remove_by_sysfs &
    pid="$pid $!"

    sleep $runtime
    exit 0

Test cmd:

    ./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime

Test result:

    ------------[ cut here ]------------
    WARNING: CPU: 0 PID: 960 at block/bdev.c:618 blkdev_put+0x27c/0x330
    Modules linked in: multipath md_mod loop
    CPU: 0 PID: 960 Comm: test Not tainted 6.5.0-rc2-00121-g01e55c376936-dirty #50
    RIP: 0010:blkdev_put+0x27c/0x330
    Call Trace:
     <TASK>
     export_rdev.isra.23+0x50/0xa0 [md_mod]
     mddev_unlock+0x19d/0x300 [md_mod]
     rdev_attr_store+0xec/0x190 [md_mod]
     sysfs_kf_write+0x52/0x70
     kernfs_fop_write_iter+0x19a/0x2a0
     vfs_write+0x3b5/0x770
     ksys_write+0x74/0x150
     __x64_sys_write+0x22/0x30
     do_syscall_64+0x40/0x90
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fix the problem by recording if 'rdev' is used as holder.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.5.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53791.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.5.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53791.json"