CVE-2024-26685

Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 03/04/2024
Last modified: 08/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential bug in end_buffer_async_write

According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2.

Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash.

This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel.

The use of async_write for segment summary buffers has already been removed in a previous change.

Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.2.52 (including) | 3.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.4.83 (including) | 3.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.10.16 (including) | 3.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.11.5 (including) | 4.19.307 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.269 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.210 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.149 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.79 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.18 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | | |
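
To triage hosts against the ranges above, the following added example (not part of the advisory or of the kernel project) checks a `uname -r` style release string against the listed Linux kernel bounds; the names `parse_release` and `is_affected` are hypothetical. It compares upstream version numbers only: distribution kernels often backport fixes while keeping an older base version, so a match means the vendor advisory should be checked, and the flaw is only reachable where nilfs2 is in use.

```python
import re

# Upstream ranges copied from the table above: (first affected, first fixed).
# The lower bound is inclusive, the upper bound is exclusive.
AFFECTED_RANGES = [
    ("3.2.52", "3.3"), ("3.4.83", "3.5"), ("3.10.16", "3.11"),
    ("3.11.5", "4.19.307"), ("4.20", "5.4.269"), ("5.5", "5.10.210"),
    ("5.11", "5.15.149"), ("5.16", "6.1.79"), ("6.2", "6.6.18"),
    ("6.7", "6.7.6"),
]
# Release candidates that the table lists individually.
AFFECTED_PRERELEASES = {"6.8-rc1", "6.8-rc2", "6.8-rc3"}

_RELEASE_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(rc\d+))?")


def parse_release(release):
    """Return ((major, minor, patch), rc_tag_or_None) for a release string.

    Accepts forms such as "6.6.17", "6.8-rc2", "6.8.0-rc2" and
    "5.10.0-28-amd64" (the distribution suffix is ignored).
    """
    match = _RELEASE_RE.match(release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = match.groups()
    return (int(major), int(minor), int(patch or 0)), rc


def is_affected(release):
    """True if the upstream version falls inside a range listed in the table."""
    version, rc = parse_release(release)
    if rc:
        # Only the release candidates named in the table are treated as affected.
        return f"{version[0]}.{version[1]}-{rc}" in AFFECTED_PRERELEASES
    return any(
        parse_release(low)[0] <= version < parse_release(high)[0]
        for low, high in AFFECTED_RANGES
    )


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    for sample in ("6.6.17", "6.6.18", "6.8.0-rc2", "5.10.0-28-amd64"):
        print(sample, "->", "affected" if is_affected(sample) else "not listed")
```
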