CVE-2024-26718
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
03/04/2024
Last modified:
17/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

dm-crypt, dm-verity: disable tasklets

Tasklets have an inherent problem with memory corruption. The function
tasklet_action_common calls tasklet_trylock, then it calls the tasklet
callback and then it calls tasklet_unlock. If the tasklet callback frees
the structure that contains the tasklet or if it calls some code that may
free it, tasklet_unlock will write into free memory.

The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but
it is not a sufficient fix and the data corruption can still happen [1].
There is no fix for dm-verity and dm-verity will write into free memory
with every tasklet-processed bio.

There will be atomic workqueues implemented in the kernel 6.9 [2]. They
will have better interface and they will not suffer from the memory
corruption problem.

But we need something that stops the memory corruption now and that can be
backported to the stable kernels. So, I'm proposing this commit that
disables tasklets in both dm-crypt and dm-verity. This commit doesn't
remove the tasklet support, because the tasklet code will be reused when
atomic workqueues will be implemented.

[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/
[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/
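An added example, not part of the advisory or the kernel commit: a userspace C model of the ordering the description gives (trylock, callback, unlock), counting stores that land in an object after its callback released it. All names (`struct io`, `io_done`, `tasklet_dispatch`, `direct_dispatch`, the one-slot pool) are constructed for illustration, and the direct call is an assumed stand-in for a non-tasklet completion path, which the page does not detail.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace model; names echo the description, this is not kernel code. */
struct tasklet { unsigned long state; void (*fn)(struct tasklet *); };
struct io { bool live; struct tasklet t; };  /* request that embeds its tasklet */
#define io_of(tp) ((struct io *)((char *)(tp) - offsetof(struct io, t)))

static struct io pool[1];      /* one-slot "heap": a released object stays inspectable */
static int writes_after_free;
static struct io *io_alloc(void) { pool[0].live = true; pool[0].t.state = 0; return &pool[0]; }
static void io_free(struct io *io) { io->live = false; }  /* slot may be reused from here on */

/* Store into the tasklet state, recording stores that hit a released object. */
static void checked_store(struct tasklet *t, unsigned long v)
{
    if (!io_of(t)->live) writes_after_free++;
    t->state = v;
}

/* Completion callback: finishing the request releases the containing structure. */
static void io_done(struct tasklet *t) { io_free(io_of(t)); }

/* Ordering from the description: trylock, then the callback, then unlock. */
static void tasklet_dispatch(struct tasklet *t)
{
    checked_store(t, 1);  /* models tasklet_trylock */
    t->fn(t);             /* callback may release the container */
    checked_store(t, 0);  /* models tasklet_unlock: store after the callback returned */
}

/* Assumed stand-in for a non-tasklet path: nothing touches the object after fn(). */
static void direct_dispatch(struct tasklet *t) { t->fn(t); }

int stale_writes(bool use_tasklet)
{
    struct io *io = io_alloc();
    writes_after_free = 0;
    io->t.fn = io_done;
    if (use_tasklet) tasklet_dispatch(&io->t); else direct_dispatch(&io->t);
    return writes_after_free;
}

int main(void)
{
    printf("tasklet: %d stale store(s), direct: %d\n", stale_writes(true), stale_writes(false));
    return 0;
}
```

The static pool keeps the model free of undefined behaviour; in the kernel the released memory can already belong to another allocation when the unlock store lands.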
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.9 (including) | 6.1.79 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.18 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0a9bab391e336489169b95cb0d4553d921302189
- https://git.kernel.org/stable/c/0c45a20cbe68bc4d681734f5c03891124a274257
- https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94
- https://git.kernel.org/stable/c/5735a2671ffb70ea29ca83969fe01316ee2ed6fc
- https://git.kernel.org/stable/c/b825e0f9d68c178072bffd32dd34c39e3d2d597a



