cve/published/2024/CVE-2024-55642.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Prevent potential deadlocks in zone write plug error recovery\n\nZone write plugging for handling writes to zones of a zoned block\ndevice always execute a zone report whenever a write BIO to a zone\nfails. The intent of this is to ensure that the tracking of a zone write\npointer is always correct to ensure that the alignment to a zone write\npointer of write BIOs can be checked on submission and that we can\nalways correctly emulate zone append operations using regular write\nBIOs.\n\nHowever, this error recovery scheme introduces a potential deadlock if a\ndevice queue freeze is initiated while BIOs are still plugged in a zone\nwrite plug and one of these write operation fails. In such case, the\ndisk zone write plug error recovery work is scheduled and executes a\nreport zone. This in turn can result in a request allocation in the\nunderlying driver to issue the report zones command to the device. But\nwith the device queue freeze already started, this allocation will\nblock, preventing the report zone execution and the continuation of the\nprocessing of the plugged BIOs. As plugged BIOs hold a queue usage\nreference, the queue freeze itself will never complete, resulting in a\ndeadlock.\n\nAvoid this problem by completely removing from the zone write plugging\ncode the use of report zones operations after a failed write operation,\ninstead relying on the device user to either execute a report zones,\nreset the zone, finish the zone, or give up writing to the device (which\nis a fairly common pattern for file systems which degrade to read-only\nafter write failures). This is not an unreasonnable requirement as all\nwell-behaved applications, FSes and device mapper already use report\nzones to recover from write errors whenever possible by comparing the\ncurrent position of a zone write pointer with what their assumption\nabout the position is.\n\nThe changes to remove the automatic error recovery are as follows:\n - Completely remove the error recovery work and its associated\n   resources (zone write plug list head, disk error list, and disk\n   zone_wplugs_work work struct). This also removes the functions\n   disk_zone_wplug_set_error() and disk_zone_wplug_clear_error().\n\n - Change the BLK_ZONE_WPLUG_ERROR zone write plug flag into\n   BLK_ZONE_WPLUG_NEED_WP_UPDATE. This new flag is set for a zone write\n   plug whenever a write opration targetting the zone of the zone write\n   plug fails. This flag indicates that the zone write pointer offset is\n   not reliable and that it must be updated when the next report zone,\n   reset zone, finish zone or disk revalidation is executed.\n\n - Modify blk_zone_write_plug_bio_endio() to set the\n   BLK_ZONE_WPLUG_NEED_WP_UPDATE flag for the target zone of a failed\n   write BIO.\n\n - Modify the function disk_zone_wplug_set_wp_offset() to clear this\n   new flag, thus implementing recovery of a correct write pointer\n   offset with the reset (all) zone and finish zone operations.\n\n - Modify blkdev_report_zones() to always use the disk_report_zones_cb()\n   callback so that disk_zone_wplug_sync_wp_offset() can be called for\n   any zone marked with the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag.\n   This implements recovery of a correct write pointer offset for zone\n   write plugs marked with BLK_ZONE_WPLUG_NEED_WP_UPDATE and within\n   the range of the report zones operation executed by the user.\n\n - Modify blk_revalidate_seq_zone() to call\n   disk_zone_wplug_sync_wp_offset() for all sequential write required\n   zones when a zoned block device is revalidated, thus always resolving\n   any inconsistency between the write pointer offset of zone write\n   plugs and the actual write pointer position of sequential zones."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "block/blk-zoned.c",
                   "include/linux/blkdev.h"
                ],
                "versions": [
                   {
                      "version": "dd291d77cc90eb6a86e9860ba8e6e38eebd57d12",
                      "lessThan": "7fa80134cf266325fa61139320091001c9b3c477",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "dd291d77cc90eb6a86e9860ba8e6e38eebd57d12",
                      "lessThan": "fe0418eb9bd69a19a948b297c8de815e05f3cde1",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "block/blk-zoned.c",
                   "include/linux/blkdev.h"
                ],
                "versions": [
                   {
                      "version": "6.10",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.10",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12.6",
                      "lessThanOrEqual": "6.12.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.13",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.10",
                            "versionEndExcluding": "6.12.6"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.10",
                            "versionEndExcluding": "6.13"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/7fa80134cf266325fa61139320091001c9b3c477"
             },
             {
                "url": "https://git.kernel.org/stable/c/fe0418eb9bd69a19a948b297c8de815e05f3cde1"
             }
          ],
          "title": "block: Prevent potential deadlocks in zone write plug error recovery",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-55642",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Prevent potential deadlocks in zone write plug error recovery\n\nZone write plugging for handling writes to zones of a zoned block\ndevice always execute a zone report whenever a write BIO to a zone\nfails. The intent of this is to ensure that the tracking of a zone write\npointer is always correct to ensure that the alignment to a zone write\npointer of write BIOs can be checked on submission and that we can\nalways correctly emulate zone append operations using regular write\nBIOs.\n\nHowever, this error recovery scheme introduces a potential deadlock if a\ndevice queue freeze is initiated while BIOs are still plugged in a zone\nwrite plug and one of these write operation fails. In such case, the\ndisk zone write plug error recovery work is scheduled and executes a\nreport zone. This in turn can result in a request allocation in the\nunderlying driver to issue the report zones command to the device. But\nwith the device queue freeze already started, this allocation will\nblock, preventing the report zone execution and the continuation of the\nprocessing of the plugged BIOs. As plugged BIOs hold a queue usage\nreference, the queue freeze itself will never complete, resulting in a\ndeadlock.\n\nAvoid this problem by completely removing from the zone write plugging\ncode the use of report zones operations after a failed write operation,\ninstead relying on the device user to either execute a report zones,\nreset the zone, finish the zone, or give up writing to the device (which\nis a fairly common pattern for file systems which degrade to read-only\nafter write failures). This is not an unreasonnable requirement as all\nwell-behaved applications, FSes and device mapper already use report\nzones to recover from write errors whenever possible by comparing the\ncurrent position of a zone write pointer with what their assumption\nabout the position is.\n\nThe changes to remove the automatic error recovery are as follows:\n - Completely remove the error recovery work and its associated\n resources (zone write plug list head, disk error list, and disk\n zone_wplugs_work work struct). This also removes the functions\n disk_zone_wplug_set_error() and disk_zone_wplug_clear_error().\n\n - Change the BLK_ZONE_WPLUG_ERROR zone write plug flag into\n BLK_ZONE_WPLUG_NEED_WP_UPDATE. This new flag is set for a zone write\n plug whenever a write opration targetting the zone of the zone write\n plug fails. This flag indicates that the zone write pointer offset is\n not reliable and that it must be updated when the next report zone,\n reset zone, finish zone or disk revalidation is executed.\n\n - Modify blk_zone_write_plug_bio_endio() to set the\n BLK_ZONE_WPLUG_NEED_WP_UPDATE flag for the target zone of a failed\n write BIO.\n\n - Modify the function disk_zone_wplug_set_wp_offset() to clear this\n new flag, thus implementing recovery of a correct write pointer\n offset with the reset (all) zone and finish zone operations.\n\n - Modify blkdev_report_zones() to always use the disk_report_zones_cb()\n callback so that disk_zone_wplug_sync_wp_offset() can be called for\n any zone marked with the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag.\n This implements recovery of a correct write pointer offset for zone\n write plugs marked with BLK_ZONE_WPLUG_NEED_WP_UPDATE and within\n the range of the report zones operation executed by the user.\n\n - Modify blk_revalidate_seq_zone() to call\n disk_zone_wplug_sync_wp_offset() for all sequential write required\n zones when a zoned block device is revalidated, thus always resolving\n any inconsistency between the write pointer offset of zone write\n plugs and the actual write pointer position of sequential zones."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"block/blk-zoned.c",
	"include/linux/blkdev.h"
	],
	"versions": [
	{
	"version": "dd291d77cc90eb6a86e9860ba8e6e38eebd57d12",
	"lessThan": "7fa80134cf266325fa61139320091001c9b3c477",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "dd291d77cc90eb6a86e9860ba8e6e38eebd57d12",
	"lessThan": "fe0418eb9bd69a19a948b297c8de815e05f3cde1",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"block/blk-zoned.c",
	"include/linux/blkdev.h"
	],
	"versions": [
	{
	"version": "6.10",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.10",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.12.6",
	"lessThanOrEqual": "6.12.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.13",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.10",
	"versionEndExcluding": "6.12.6"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.10",
	"versionEndExcluding": "6.13"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/7fa80134cf266325fa61139320091001c9b3c477"
	},
	{
	"url": "https://git.kernel.org/stable/c/fe0418eb9bd69a19a948b297c8de815e05f3cde1"
	}
	],
	"title": "block: Prevent potential deadlocks in zone write plug error recovery",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-55642",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}