CVE-2024-38582

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 19/06/2024
Last modified: 01/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential hang in nilfs_detach_log_writer()

Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount.

Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below:

  nilfs_detach_log_writer
    nilfs_segctor_destroy
      nilfs_segctor_kill_thread  --> Shut down log writer thread
      flush_work
        nilfs_iput_work_func
          nilfs_dispose_list
            iput
              nilfs_evict_inode
                nilfs_transaction_commit
                  nilfs_construct_segment (if inode needs sync)
                    nilfs_segctor_sync  --> Attempt to synchronize with log writer thread
                      *** DEADLOCK ***

Fix this issue by changing nilfs_segctor_sync() so that the log writer thread returns normally without synchronizing after it terminates, and by forcing tasks that are already waiting to complete once after the thread terminates.

The skipped inode metadata flushout will then be processed together in the subsequent cleanup work in nilfs_segctor_destroy().
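The ordering problem in the description above, as a user-space Python model added here for illustration; it is not the kernel code or the upstream patch. The class, its field names and the timeout that stands in for a task blocking forever are assumptions of the example.

```python
import threading

class LogWriterModel:
    """Hypothetical user-space stand-in for the nilfs2 log writer thread."""
    def __init__(self, fixed):
        self.fixed = fixed              # True models the patched behaviour
        self.cond = threading.Condition()
        self.requested = self.done = 0  # latest sync request / latest completed
        self.alive, self.stop = True, False
        self.thread = threading.Thread(target=self._run, daemon=True)
        self.thread.start()

    def _run(self):
        with self.cond:
            while not self.stop:
                if self.done < self.requested:
                    self.done = self.requested   # stands in for writing a log
                    self.cond.notify_all()
                else:
                    self.cond.wait()
            self.alive = False
            if self.fixed:
                self.cond.notify_all()  # release tasks that are already waiting

    def kill(self):
        with self.cond:                 # models shutting the writer thread down
            self.stop = True
            self.cond.notify_all()
        self.thread.join()

    def sync(self, timeout=0.5):
        """Returns 'synced', 'skipped' or 'hung' (timeout = would block forever)."""
        with self.cond:
            if self.fixed and not self.alive:
                return "skipped"        # writer is gone: return without waiting
            self.requested += 1
            mine = self.requested
            self.cond.notify_all()
            gone = lambda: self.fixed and not self.alive
            if not self.cond.wait_for(lambda: self.done >= mine or gone(), timeout):
                return "hung"
            return "synced" if self.done >= mine else "skipped"

def detach(fixed):
    """Sync while the writer runs, kill it, then sync again as deferred work would."""
    writer = LogWriterModel(fixed)
    before = writer.sync()
    writer.kill()
    return before, writer.sync()
```

In the model, the second `sync()` plays the role of the inode eviction that runs after the writer has been shut down: without the liveness check it waits for a completion nobody will deliver, and with it the call returns and leaves the work to later cleanup.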

Vulnerable products and versions

CPE                                           From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*                    4.19.316 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  4.20 (including)  5.4.278 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.5 (including)   5.10.219 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.11 (including)  5.15.161 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.16 (including)  6.1.93 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.2 (including)   6.6.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.7 (including)   6.8.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.9 (including)   6.9.3 (excluding)