CVE-2024-26756
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/04/2024
Last modified:
17/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

md: Don't register sync_thread for reshape directly

Currently, if reshape is interrupted, then reassembling the array will
register sync_thread directly from pers->run(); in this case
'MD_RECOVERY_RUNNING' is set directly. However, there is no guarantee
that md_do_sync() will be executed, hence stop_sync_thread() will hang
because 'MD_RECOVERY_RUNNING' can't be cleared.

The last patch makes sure that md_do_sync() will set MD_RECOVERY_DONE;
however, the following hang can still be triggered by the dm-raid test
shell/lvconvert-raid-reshape.sh occasionally:

[root@fedora ~]# cat /proc/1982/stack
[] stop_sync_thread+0x1ab/0x270 [md_mod]
[] md_frozen_sync_thread+0x5c/0xa0 [md_mod]
[] raid_presuspend+0x1e/0x70 [dm_raid]
[] dm_table_presuspend_targets+0x40/0xb0 [dm_mod]
[] __dm_destroy+0x2a5/0x310 [dm_mod]
[] dm_destroy+0x16/0x30 [dm_mod]
[] dev_remove+0x165/0x290 [dm_mod]
[] ctl_ioctl+0x4bb/0x7b0 [dm_mod]
[] dm_ctl_ioctl+0x11/0x20 [dm_mod]
[] vfs_ioctl+0x21/0x60
[] __x64_sys_ioctl+0xb9/0xe0
[] do_syscall_64+0xc6/0x230
[] entry_SYSCALL_64_after_hwframe+0x6c/0x74

Meanwhile mddev->recovery is:
MD_RECOVERY_RUNNING |
MD_RECOVERY_INTR |
MD_RECOVERY_RESHAPE |
MD_RECOVERY_FROZEN

Fix this problem by removing the code to register sync_thread directly
from raid10 and raid5, and let md_check_recovery() register
sync_thread.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.17 (including) | 6.7.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
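
A triage sketch for hosts running md or dm-raid, added here as an example and not taken from the advisory or the kernel patch: it checks a kernel release string against the version ranges in the CPE table above and looks for the `stop_sync_thread` frame from the trace in the description. The function names, the `--scan` argument and the sample stack are assumptions made for this example.

```shell
#!/bin/sh
# Added triage example; not code from the advisory or the kernel patch.

# ver_lt A B: true when dotted version A sorts strictly before B.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# True when a release string falls in the ranges in the CPE table above:
# 2.6.17 (including) up to 6.7.7 (excluding), plus 6.8-rc1 .. rc5.
# Assumption: upstream numbering. Distribution kernels backport fixes, so a
# match means "check the vendor advisory", not "confirmed vulnerable".
kernel_in_affected_range() {
    case "$1" in
        6.8-rc[1-5]|6.8.0-rc[1-5]|6.8.0-rc[1-5][!0-9]*) return 0 ;;
    esac
    base=${1%%-*}; base=${base%%+*}   # drop "-rcN", distro and "+" suffixes
    ! ver_lt "$base" 2.6.17 && ver_lt "$base" 6.7.7
}

# True when the stack dump on stdin contains the frame from the trace in the
# description: a task waiting in stop_sync_thread() inside md_mod.
stack_matches_hang() {
    grep -Eq 'stop_sync_thread\+0x[0-9a-f]+/0x[0-9a-f]+ \[md_mod\]'
}

# Print PIDs whose kernel stack currently matches (needs root). A PID that
# keeps matching across repeated runs is stuck, not just passing through.
scan_proc_stacks() {
    for f in /proc/[0-9]*/stack; do
        if stack_matches_hang 2>/dev/null < "$f"; then
            pid=${f#/proc/}; echo "${pid%/stack}"
        fi
    done
}

# Constructed sample in /proc/<pid>/stack format, frames taken from the trace.
SAMPLE_STACK='[<0>] stop_sync_thread+0x1ab/0x270 [md_mod]
[<0>] md_frozen_sync_thread+0x5c/0xa0 [md_mod]
[<0>] raid_presuspend+0x1e/0x70 [dm_raid]'

if [ "${1:-}" = "--scan" ]; then
    kernel_in_affected_range "$(uname -r)" && echo "kernel in listed range"
    scan_proc_stacks
fi
```

Run with `--scan` as root on the host under investigation; without arguments the script only defines the functions.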



