Bug 2339141 (CVE-2024-57942) - CVE-2024-57942 kernel: netfs: Fix ceph copy to cache on write-begin
Summary: CVE-2024-57942 kernel: netfs: Fix ceph copy to cache on write-begin
Keywords:
Status: NEW
Alias: CVE-2024-57942
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-01-21 13:03 UTC by OSIDB Bzimport
Modified: 2025-01-21 19:00 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-01-21 13:03:05 UTC 
In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix ceph copy to cache on write-begin

At the end of netfs_unlock_read_folio() in which folios are marked
appropriately for copying to the cache (either with by being marked dirty
and having their private data set or by having PG_private_2 set) and then
unlocked, the folio_queue struct has the entry pointing to the folio
cleared.  This presents a problem for netfs_pgpriv2_write_to_the_cache(),
which is used to write folios marked with PG_private_2 to the cache as it
expects to be able to trawl the folio_queue list thereafter to find the
relevant folios, leading to a hang.

Fix this by not clearing the folio_queue entry if we're going to do the
deprecated copy-to-cache.  The clearance will be done instead as the folios
are written to the cache.

This can be reproduced by starting cachefiles, mounting a ceph filesystem
with "-o fsc" and writing to it.
Comment 1 Robb Gatica 2025-01-21 16:44:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025012129-CVE-2024-57942-bedc@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.