CVE-2024-40935

Severity (CVSS v4.0): Pending analysis
Type: CWE-416 Use After Free
Publication date: 12/07/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: flush all requests after setting CACHEFILES_DEAD

In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write() will always return -EIO, so the daemon can't pass the copen to the kernel. Then the kernel process that is waiting for the copen triggers a hung_task.

Since the DEAD state is irreversible, it can only be exited by closing /dev/cachefiles. Therefore, after calling cachefiles_io_error() to mark the cache as CACHEFILES_DEAD, if in ondemand mode, flush all requests to avoid the above hung_task. We may still be able to read some of the cached data before closing the fd of /dev/cachefiles.

Note that this relies on the patch that adds reference counting to the req, otherwise it may UAF.
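The commit message describes three moving parts: a kernel-side waiter blocked on an open request, a daemon that can no longer answer once the cache is DEAD, and the fix of completing every outstanding request with -EIO at the moment the DEAD flag is set, which is only safe if the request is reference counted so that a daemon still holding it cannot use freed memory. The following single-threaded toy model is an added example written for this page, not the cachefiles code: the struct names, the daemon_read/daemon_copen helpers, the run_scenario driver and the "would block forever" return from cache_wait are all inventions of the example. It runs the same scenario twice, once without the flush (both waiters would hang) and once with it (both waiters get -EIO and every request is freed exactly once).

```c
/* Toy model of an ondemand request queue with a DEAD flag (added example, not kernel code). */
#include <stdio.h>
#include <stdlib.h>

#define EIO 5

enum req_state { REQ_PENDING, REQ_IN_PROGRESS, REQ_DONE };

struct req {
    int id;
    int refcnt;             /* one ref for the waiting submitter, one for the daemon while it works */
    enum req_state state;
    int result;             /* valid once state == REQ_DONE: 0 or -EIO */
    struct req *next;
};

struct cache {
    int dead;               /* stands in for CACHEFILES_DEAD: set once, never cleared */
    struct req *reqs;       /* every live request, pending or in progress (list holds no ref) */
    int freed;              /* how many requests have actually been freed */
};

static void cache_init(struct cache *c) { c->dead = 0; c->reqs = NULL; c->freed = 0; }
static void req_get(struct req *r) { r->refcnt++; }

static void req_put(struct cache *c, struct req *r)
{
    if (--r->refcnt == 0) { c->freed++; free(r); }
}

/* Unlink r and record its result. Idempotent: a flush and a late copen may both complete it. */
static void complete_req(struct cache *c, struct req *r, int result)
{
    struct req **pp;
    if (r->state == REQ_DONE) return;
    for (pp = &c->reqs; *pp && *pp != r; pp = &(*pp)->next) ;
    if (*pp) *pp = r->next;
    r->state = REQ_DONE;
    r->result = result;
}

/* Kernel side: queue an open request. Returns NULL (the real code fails with -EIO) once dead. */
static struct req *cache_submit(struct cache *c, int id)
{
    struct req *r;
    if (c->dead) return NULL;
    r = calloc(1, sizeof(*r));
    if (!r) return NULL;
    r->id = id; r->refcnt = 1; r->state = REQ_PENDING;   /* refcnt: the submitter's reference */
    r->next = c->reqs; c->reqs = r;
    return r;
}

/* Kernel side, single-threaded stand-in for waiting on the request: returns 0 and fills *result
 * when it completed, 1 when the caller would block forever (the hung_task in the commit message). */
static int cache_wait(struct cache *c, struct req *r, int *result)
{
    if (r->state != REQ_DONE) return 1;
    *result = r->result;
    req_put(c, r);
    return 0;
}

/* Daemon side, standing in for read(2) on /dev/cachefiles: claim a pending request. */
static struct req *daemon_read(struct cache *c)
{
    struct req *r;
    if (c->dead) return NULL;
    for (r = c->reqs; r; r = r->next)
        if (r->state == REQ_PENDING) {
            r->state = REQ_IN_PROGRESS;
            req_get(r);             /* keeps r alive even if a flush completes it meanwhile */
            return r;
        }
    return NULL;
}

/* Daemon side, standing in for the copen write: -EIO once dead. Touching r here is only safe
 * because the daemon holds its own reference; if the flush freed r this would be the UAF. */
static int daemon_copen(struct cache *c, struct req *r, int result)
{
    int ret = 0;
    if (c->dead) ret = -EIO; else complete_req(c, r, result);
    req_put(c, r);
    return ret;
}

/* cachefiles_io_error() equivalent. With flush set, do what the fix does: fail every
 * outstanding request with -EIO so waiters return instead of hanging. */
static void cache_set_dead(struct cache *c, int flush)
{
    struct req *r, *next;
    c->dead = 1;
    if (!flush) return;
    for (r = c->reqs; r; r = next) { next = r->next; complete_req(c, r, -EIO); }
}

struct outcome { int copen_ret, hung_waiters, result1, result2, freed; };

/* One request is in the daemon's hands, the other still queued, when the cache dies. */
static struct outcome run_scenario(int flush_on_dead)
{
    struct cache c; struct req *r1, *r2, *d; struct outcome o = {0, 0, 0, 0, 0}; int h1, h2;
    cache_init(&c);
    r1 = cache_submit(&c, 1);
    r2 = cache_submit(&c, 2);
    d = daemon_read(&c);
    cache_set_dead(&c, flush_on_dead);          /* I/O error while the open is in flight */
    o.copen_ret = daemon_copen(&c, d, 0);
    h1 = cache_wait(&c, r1, &o.result1);
    h2 = cache_wait(&c, r2, &o.result2);
    o.hung_waiters = h1 + h2;
    o.freed = c.freed;                          /* counted before the cleanup below */
    if (h1) req_put(&c, r1);                    /* a hung waiter never returns; free only so */
    if (h2) req_put(&c, r2);                    /* the model itself does not leak */
    return o;
}

int main(void)
{
    struct outcome a = run_scenario(0), b = run_scenario(1);
    printf("no flush: copen=%d hung=%d freed=%d\n", a.copen_ret, a.hung_waiters, a.freed);
    printf("flush:    copen=%d hung=%d results=%d,%d freed=%d\n",
           b.copen_ret, b.hung_waiters, b.result1, b.result2, b.freed);
    return 0;
}
```

The two runs show the ordering that matters: in both, the daemon's copen fails with -EIO, but only when the DEAD transition itself flushes the queue do the waiters return. The model also shows why the commit message insists on the refcount patch: complete_req never frees anything, the daemon's late daemon_copen drops its own reference on an already completed request, and freed reaches exactly two with no leak and no double free.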

Vulnerable products and versions

CPE                                                From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.19 (including)   6.1.95 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.2 (including)    6.6.35 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.7 (including)    6.9.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*