CVE-2024-26758

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> md: Don&amp;#39;t ignore suspended array in md_check_recovery()<br /> <br /> mddev_suspend() never stop sync_thread, hence it doesn&amp;#39;t make sense to<br /> ignore suspended array in md_check_recovery(), which might cause<br /> sync_thread can&amp;#39;t be unregistered.<br /> <br /> After commit f52f5c71f3d4 ("md: fix stopping sync thread"), following<br /> hang can be triggered by test shell/integrity-caching.sh:<br /> <br /> 1) suspend the array:<br /> raid_postsuspend<br /> mddev_suspend<br /> <br /> 2) stop the array:<br /> raid_dtr<br /> md_stop<br /> __md_stop_writes<br /> stop_sync_thread<br /> set_bit(MD_RECOVERY_INTR, &amp;mddev-&gt;recovery);<br /> md_wakeup_thread_directly(mddev-&gt;sync_thread);<br /> wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &amp;mddev-&gt;recovery))<br /> <br /> 3) sync thread done:<br /> md_do_sync<br /> set_bit(MD_RECOVERY_DONE, &amp;mddev-&gt;recovery);<br /> md_wakeup_thread(mddev-&gt;thread);<br /> <br /> 4) daemon thread can&amp;#39;t unregister sync thread:<br /> md_check_recovery<br /> if (mddev-&gt;suspended)<br /> return; -&gt; return directly<br /> md_read_sync_thread<br /> clear_bit(MD_RECOVERY_RUNNING, &amp;mddev-&gt;recovery);<br /> -&gt; MD_RECOVERY_RUNNING can&amp;#39;t be cleared, hence step 2 hang;<br /> <br /> This problem is not just related to dm-raid, fix it by ignoring<br /> suspended array in md_check_recovery(). And follow up patches will<br /> improve dm-raid better to frozen sync thread during suspend.