CVE-2024-57941

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/01/2025
Last modified: 15/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled

When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that file is disabled until all fds open on that file are closed. However, if netfslib is using the deprecated PG_private_2 method (such as is currently used by ceph), and decides it wants to copy to the cache, netfs_advance_write() will just bail at the first check seeing that the cache stream is unavailable, and indicate that it dealt with all the content.

This means that we have no subrequests to provide notifications to drive the state machine or even to pin the request and the request just gets discarded, leaving the folios with PG_private_2 set.

Fix this by jumping directly to cancel the request if the cache is not available. That way, we don't remove mark3 from the folio_queue list and netfs_pgpriv2_cancel() will clean up the folios.

This was found by running the generic/013 xfstest against ceph with an active cache and the "-o fsc" option passed to ceph. That would usually hang

Vulnerable products and versions

CPE                                                   From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*          6.12 (including)   6.12.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*