CVE-2024-26755

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/04/2024
Last modified: 04/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

md: Don't suspend the array for interrupted reshape

md_start_sync() will suspend the array if there are spares that can be added or removed from conf, however, if reshape is still in progress, this won't happen at all or data will be corrupted (remove_and_add_spares won't be called from md_choose_sync_action for reshape), hence there is no need to suspend the array if reshape is not done yet.

Meanwhile, there is a potential deadlock for raid456:

1) reshape is interrupted;

2) set one of the disk WantReplacement, and add a new disk to the array, however, recovery won't start until the reshape is finished;

3) then issue an IO across reshape position, this IO will wait for reshape to make progress;

4) continue to reshape, then md_start_sync() found there is a spare disk that can be added to conf, mddev_suspend() is called;

Step 4 and step 3 are waiting for each other, deadlock triggered. Noted this problem is found by code review, and it's not reproduced yet.

Fix this problem by not suspending the array for interrupted reshape, this is safe because conf won't be changed until reshape is done.

Vulnerable products and versions

CPE                                                From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.7 (including)    6.7.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
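
To triage hosts against this entry, the following added example (not part of the advisory or of the kernel project) checks a `uname -r` string against the CPE ranges listed above and lists raid4/5/6 arrays whose md sysfs `reshape_position` attribute is not `none`, meaning a reshape has not finished. It assumes upstream version numbering, so distribution kernels with backported fixes need the vendor's own advisory; the function names are illustrative.

```python
import re
from pathlib import Path

# Affected upstream ranges, taken from the CPE table on this page.
FIRST_AFFECTED = (6, 7, 0)      # 6.7 (including)
FIXED_STABLE = (6, 7, 7)        # 6.7.7 (excluding)
AFFECTED_RCS = {1, 2, 3, 4, 5}  # 6.8-rc1 .. 6.8-rc5


def kernel_in_cpe_range(release):
    """True if a `uname -r` style string falls inside the page's CPE ranges."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = (int(m[1]), int(m[2]), int(m[3] or 0))
    if m[4] is not None:  # release candidate: only 6.8-rc1..rc5 are listed
        return version == (6, 8, 0) and int(m[4]) in AFFECTED_RCS
    return FIRST_AFFECTED <= version < FIXED_STABLE


def unfinished_reshapes(sys_block="/sys/block"):
    """Names of raid4/5/6 arrays whose md/reshape_position is not 'none'."""
    hits = []
    for md in sorted(Path(sys_block).glob("md*/md")):
        try:
            level = (md / "level").read_text().strip()
            position = (md / "reshape_position").read_text().strip()
        except OSError:
            continue  # array stopped or attribute not readable
        if level in {"raid4", "raid5", "raid6"} and position != "none":
            hits.append(md.parent.name)
    return hits


def exposed(release, sys_block="/sys/block"):
    """Arrays worth attention: affected kernel and an unfinished reshape."""
    return unfinished_reshapes(sys_block) if kernel_in_cpe_range(release) else []


if __name__ == "__main__":
    # Constructed sample release strings, then the local sysfs tree.
    for rel in ("6.7.6-200.fc39.x86_64", "6.7.7", "6.8.0-rc5", "6.8.0"):
        print(rel, "in CPE range:", kernel_in_cpe_range(rel))
    print("unfinished raid456 reshapes:", unfinished_reshapes())
```

An array reported here on a kernel inside the listed range matches the precondition in step 1 of the description; updating to a kernel outside the range before adding or replacing disks on it avoids the suspend path the fix removes.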