CVE-2022-50193
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/06/2025
Last modified:
18/06/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

erofs: wake up all waiters after z_erofs_lzma_head ready

When the user mounts erofs a second time, the decompression thread
may hang. The problem happens due to a sequence of steps like the
following:

1) Task A called z_erofs_load_lzma_config, which obtains all of the nodes
from the z_erofs_lzma_head.

2) At this time, task B called z_erofs_lzma_decompress and wanted to
get a node. But the z_erofs_lzma_head was empty, so task B had to
sleep.

3) Task A releases nodes and pushes them into the z_erofs_lzma_head. But
task B was still sleeping.

One example report when the hang happens:
task:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000
Workqueue: erofs_unzipd z_erofs_decompressqueue_work
Call Trace:

__schedule+0x281/0x760
schedule+0x49/0xb0
z_erofs_lzma_decompress+0x4bc/0x580
? cpu_core_flags+0x10/0x10
z_erofs_decompress_pcluster+0x49b/0xba0
? __update_load_avg_se+0x2b0/0x330
? __update_load_avg_se+0x2b0/0x330
? update_load_avg+0x5f/0x690
? update_load_avg+0x5f/0x690
? set_next_entity+0xbd/0x110
? _raw_spin_unlock+0xd/0x20
z_erofs_decompress_queue.isra.0+0x2e/0x50
z_erofs_decompressqueue_work+0x30/0x60
process_one_work+0x1d3/0x3a0
worker_thread+0x45/0x3a0
? process_one_work+0x3a0/0x3a0
kthread+0xe2/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30