cve/published/2024/CVE-2024-42315.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-42315: exfat: fix potential deadlock on __exfat_get_dentry_set

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 exfat: fix potential deadlock on __exfat_get_dentry_set

 When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
 is allocated in __exfat_get_entry_set. The problem is that the bh-array is
 allocated with GFP_KERNEL. It does not make sense. In the following cases,
 a deadlock for sbi->s_lock between the two processes may occur.

        CPU0                CPU1
        ----                ----
   kswapd
    balance_pgdat
     lock(fs_reclaim)
                       exfat_iterate
                        lock(&sbi->s_lock)
                        exfat_readdir
                         exfat_get_uniname_from_ext_entry
                          exfat_get_dentry_set
                           __exfat_get_dentry_set
                            kmalloc_array
                             ...
                             lock(fs_reclaim)
     ...
     evict
      exfat_evict_inode
       lock(&sbi->s_lock)

 To fix this, let's allocate bh-array with GFP_NOFS.

 The Linux kernel CVE team has assigned CVE-2024-42315 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.10.190 with commit bd3bdb9e0d656f760b11d0c638d35d7f7068144d and fixed in 5.10.232 with commit 632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb
 	Issue introduced in 5.15.150 with commit 92dcd7d6c6068bf4fd35a6f64d606e27d634807e and fixed in 5.15.175 with commit c052f775ee6ccacd3c97e4cf41a2a657e63d4259
 	Issue introduced in 6.2 with commit a3ff29a95fde16906304455aa8c0bd84eb770258 and fixed in 6.6.44 with commit a7ac198f8dba791e3144c4da48a5a9b95773ee4b
 	Issue introduced in 6.2 with commit a3ff29a95fde16906304455aa8c0bd84eb770258 and fixed in 6.10.3 with commit 1d1970493c289e3f44b9ec847ed26a5dbdf56a62
 	Issue introduced in 6.2 with commit a3ff29a95fde16906304455aa8c0bd84eb770258 and fixed in 6.11 with commit 89fc548767a2155231128cb98726d6d2ea1256c9

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-42315
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/exfat/dir.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb
 	https://git.kernel.org/stable/c/c052f775ee6ccacd3c97e4cf41a2a657e63d4259
 	https://git.kernel.org/stable/c/cd1c7858641384191ff7033fb1fc65dfcd559c6f
 	https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b
 	https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62
 	https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-42315: exfat: fix potential deadlock on __exfat_get_dentry_set

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	exfat: fix potential deadlock on __exfat_get_dentry_set

	When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array
	is allocated in __exfat_get_entry_set. The problem is that the bh-array is
	allocated with GFP_KERNEL. It does not make sense. In the following cases,
	a deadlock for sbi->s_lock between the two processes may occur.

	CPU0 CPU1
	---- ----
	kswapd
	balance_pgdat
	lock(fs_reclaim)
	exfat_iterate
	lock(&sbi->s_lock)
	exfat_readdir
	exfat_get_uniname_from_ext_entry
	exfat_get_dentry_set
	__exfat_get_dentry_set
	kmalloc_array
	...
	lock(fs_reclaim)
	...
	evict
	exfat_evict_inode
	lock(&sbi->s_lock)

	To fix this, let's allocate bh-array with GFP_NOFS.

	The Linux kernel CVE team has assigned CVE-2024-42315 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.10.190 with commit bd3bdb9e0d656f760b11d0c638d35d7f7068144d and fixed in 5.10.232 with commit 632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb
	Issue introduced in 5.15.150 with commit 92dcd7d6c6068bf4fd35a6f64d606e27d634807e and fixed in 5.15.175 with commit c052f775ee6ccacd3c97e4cf41a2a657e63d4259
	Issue introduced in 6.2 with commit a3ff29a95fde16906304455aa8c0bd84eb770258 and fixed in 6.6.44 with commit a7ac198f8dba791e3144c4da48a5a9b95773ee4b
	Issue introduced in 6.2 with commit a3ff29a95fde16906304455aa8c0bd84eb770258 and fixed in 6.10.3 with commit 1d1970493c289e3f44b9ec847ed26a5dbdf56a62
	Issue introduced in 6.2 with commit a3ff29a95fde16906304455aa8c0bd84eb770258 and fixed in 6.11 with commit 89fc548767a2155231128cb98726d6d2ea1256c9

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-42315
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/exfat/dir.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb
	https://git.kernel.org/stable/c/c052f775ee6ccacd3c97e4cf41a2a657e63d4259
	https://git.kernel.org/stable/c/cd1c7858641384191ff7033fb1fc65dfcd559c6f
	https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b
	https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62
	https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9