From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2024-53112: ocfs2: uncache inode which has failed entering the group
Date: Mon, 2 Dec 2024 14:52:51 +0100
Message-ID: <2024120249-CVE-2024-53112-e04e@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: uncache inode which has failed entering the group

Syzbot has reported the following BUG:

kernel BUG at fs/ocfs2/uptodate.c:509!
...
Call Trace:
 ? __die_body+0x5f/0xb0
 ? die+0x9e/0xc0
 ? do_trap+0x15a/0x3a0
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? do_error_trap+0x1dc/0x2c0
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? __pfx_do_error_trap+0x10/0x10
 ? handle_invalid_op+0x34/0x40
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? exc_invalid_op+0x38/0x50
 ? asm_exc_invalid_op+0x1a/0x20
 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160
 ? ocfs2_set_new_buffer_uptodate+0x144/0x160
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ocfs2_group_add+0x39f/0x15a0
 ? __pfx_ocfs2_group_add+0x10/0x10
 ? __pfx_lock_acquire+0x10/0x10
 ? mnt_get_write_access+0x68/0x2b0
 ? __pfx_lock_release+0x10/0x10
 ? rcu_read_lock_any_held+0xb7/0x160
 ? __pfx_rcu_read_lock_any_held+0x10/0x10
 ? smack_log+0x123/0x540
 ? mnt_get_write_access+0x68/0x2b0
 ? mnt_get_write_access+0x68/0x2b0
 ? mnt_get_write_access+0x226/0x2b0
 ocfs2_ioctl+0x65e/0x7d0
 ? __pfx_ocfs2_ioctl+0x10/0x10
 ? smack_file_ioctl+0x29e/0x3a0
 ? __pfx_smack_file_ioctl+0x10/0x10
 ? lockdep_hardirqs_on_prepare+0x43d/0x780
 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
 ? __pfx_ocfs2_ioctl+0x10/0x10
 __se_sys_ioctl+0xfb/0x170
 do_syscall_64+0xf3/0x230
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...

When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular
inode in 'ocfs2_verify_group_and_input()', corresponding buffer head
remains cached and subsequent call to the same 'ioctl()' for the same
inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying
to cache the same buffer head of that inode). Fix this by uncaching
the buffer head with 'ocfs2_remove_from_cache()' on error path in
'ocfs2_group_add()'.

The Linux kernel CVE team has assigned CVE-2024-53112 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.25 with commit 7909f2bf8353 and fixed in 6.1.119 with commit 620d22598110
	Issue introduced in 2.6.25 with commit 7909f2bf8353 and fixed in 6.6.63 with commit 843dfc804af4
	Issue introduced in 2.6.25 with commit 7909f2bf8353 and fixed in 6.11.10 with commit b751c50e19d6
	Issue introduced in 2.6.25 with commit 7909f2bf8353 and fixed in 6.12 with commit 737f34137844

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53112
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	fs/ocfs2/resize.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73
	https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8
	https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12
	https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb
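
Added example, not part of the original advisory and not kernel code: a
simplified user-space C model of the failure described above, where a
block is cached before the request is validated and the error path either
leaves it cached or uncaches it. All names (meta_cache, cache_set_new,
cache_remove, group_add, second_call, the error constants) are
hypothetical, and the kernel BUG() is modelled as a return value.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
enum { NBLOCKS = 16, ERR_BUG = -1, ERR_INVALID = -22 };
struct meta_cache { bool cached[NBLOCKS]; }; /* one flag per block number */

/* Caching a "new" block requires that it is not cached yet. The kernel
 * issues BUG() in that case; the model returns ERR_BUG instead. */
static int cache_set_new(struct meta_cache *c, unsigned blkno)
{
    if (blkno >= NBLOCKS)
        return ERR_INVALID;
    if (c->cached[blkno])
        return ERR_BUG;
    c->cached[blkno] = true;
    return 0;
}

static void cache_remove(struct meta_cache *c, unsigned blkno)
{
    if (blkno < NBLOCKS)
        c->cached[blkno] = false;
}

/* Group-add model: cache the block first, then validate the request. */
static int group_add(struct meta_cache *c, unsigned blk, bool valid, bool uncache)
{
    int ret = cache_set_new(c, blk);
    if (ret)
        return ret;
    ret = valid ? 0 : ERR_INVALID; /* validation happens after caching */
    if (ret < 0 && uncache)
        cache_remove(c, blk); /* fix: undo the caching on the error path */
    return ret;
}

/* Send the same failing request twice; return the second call's result. */
static int second_call(bool uncache_on_error)
{
    struct meta_cache c = { { false } };
    group_add(&c, 5, false, uncache_on_error);
    return group_add(&c, 5, false, uncache_on_error);
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", second_call(false), second_call(true));
    return 0;
}
```

Without the cleanup the second call reaches the "already cached" check; with
it, the second call fails validation again with the ordinary error.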