CVE-2024-36001
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/05/2024
Last modified:
20/05/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix the pre-flush when appending to a file in writethrough mode

In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH
or O_*SYNC or RWF_*SYNC was specified, write-through caching is performed
on a buffered file. When setting up for write-through, we flush any
conflicting writes in the region and wait for the write to complete,
failing if there's a write error to return.

The issue arises if we're writing at or above the EOF position because we
skip the flush and - more importantly - the wait. This becomes a problem
if there's a partial folio at the end of the file that is being written out
and we want to make a write to it too. Both the already-running write and
the write we start want to clear the writeback mark, but whoever is
second causes a warning looking something like:

------------[ cut here ]------------
R=00000012: folio 11 is not under writeback
WARNING: CPU: 34 PID: 654 at fs/netfs/write_collect.c:105
...
CPU: 34 PID: 654 Comm: kworker/u386:27 Tainted: G S ...
...
Workqueue: events_unbound netfs_write_collection_worker
...
RIP: 0010:netfs_writeback_lookup_folio

Fix this by making the flush-and-wait unconditional. It will do nothing if
there are no folios in the pagecache and will return quickly if there are
no folios in the region specified.

Further, move the WBC attachment above the flush call as the flush is going
to attach a WBC and detach it again if it is not present - and since we
need one anyway we might as well share it.