| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix deadlock in nilfs_count_free_blocks()\n\nA semaphore deadlock can occur if nilfs_get_block() detects metadata\ncorruption while locating data blocks and a superblock writeback occurs at\nthe same time:\n\ntask 1 task 2\n------ ------\n* A file operation *\nnilfs_truncate()\n nilfs_get_block()\n down_read(rwsem A) <--\n nilfs_bmap_lookup_contig()\n ... generic_shutdown_super()\n nilfs_put_super()\n * Prepare to write superblock *\n down_write(rwsem B) <--\n nilfs_cleanup_super()\n * Detect b-tree corruption * nilfs_set_log_cursor()\n nilfs_bmap_convert_error() nilfs_count_free_blocks()\n __nilfs_error() down_read(rwsem A) <--\n nilfs_set_error()\n down_write(rwsem B) <--\n\n *** DEADLOCK ***\n\nHere, nilfs_get_block() readlocks rwsem A (= NILFS_MDT(dat_inode)->mi_sem)\nand then calls nilfs_bmap_lookup_contig(), but if it fails due to metadata\ncorruption, __nilfs_error() is called from nilfs_bmap_convert_error()\ninside the lock section.\n\nSince __nilfs_error() calls nilfs_set_error() unless the filesystem is\nread-only and nilfs_set_error() attempts to writelock rwsem B (=\nnilfs->ns_sem) to write back superblock exclusively, hierarchical lock\nacquisition occurs in the order rwsem A -> rwsem B.\n\nNow, if another task starts updating the superblock, it may writelock\nrwsem B during the lock sequence above, and can deadlock trying to\nreadlock rwsem A in nilfs_count_free_blocks().\n\nHowever, there is actually no need to take rwsem A in\nnilfs_count_free_blocks() because it, within the lock section, only reads\na single integer data on a shared struct with\nnilfs_sufile_get_ncleansegs(). This has been the case after commit\naa474a220180 (\"nilfs2: add local variable to cache the number of clean\nsegments\"), that is, even before this bug was introduced.\n\nSo, this resolves the deadlock problem by just not taking the semaphore in\nnilfs_count_free_blocks()." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/nilfs2/the_nilfs.c" |
| ], |
| "versions": [ |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "3c89ca6d3dfa6c09c515807a7a97a521f5d5147e", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "8b4506cff6630bb474bb46a2a75c31e533a756ba", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "f0cc93080d4c09510b74ecba87fd778cca390bb1", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "36ff974b0310771417c0be64b64aa221bd70d63d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "1d4ff73062096c21b47954d2996b4df259777bda", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "abc082aac0d9b6b926038fc3adb7008306581be2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "cb029b54953420f7a2d65100f1c5107f14411bdc", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e828949e5b42bfd234ee537cdb7c5e3a577958a3", |
| "lessThan": "8ac932a4921a96ca52f61935dbba64ea87bbd5dc", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/nilfs2/the_nilfs.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.38", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.38", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.9.334", |
| "lessThanOrEqual": "4.9.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.14.300", |
| "lessThanOrEqual": "4.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.267", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.225", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.155", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.79", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.0.9", |
| "lessThanOrEqual": "6.0.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "4.9.334" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "4.14.300" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "4.19.267" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "5.4.225" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "5.10.155" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "5.15.79" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "6.0.9" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.38", |
| "versionEndExcluding": "6.1" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/3c89ca6d3dfa6c09c515807a7a97a521f5d5147e" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/8b4506cff6630bb474bb46a2a75c31e533a756ba" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/f0cc93080d4c09510b74ecba87fd778cca390bb1" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/36ff974b0310771417c0be64b64aa221bd70d63d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/1d4ff73062096c21b47954d2996b4df259777bda" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/abc082aac0d9b6b926038fc3adb7008306581be2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/cb029b54953420f7a2d65100f1c5107f14411bdc" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/8ac932a4921a96ca52f61935dbba64ea87bbd5dc" |
| } |
| ], |
| "title": "nilfs2: fix deadlock in nilfs_count_free_blocks()", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2022-49850", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
