CVE-2024-49959

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error<br /> <br /> In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()<br /> to recover some journal space. But if an error occurs while executing<br /> jbd2_cleanup_journal_tail() (e.g., an EIO), we don&amp;#39;t stop waiting for free<br /> space right away, we try other branches, and if j_committing_transaction<br /> is NULL (i.e., the tid is 0), we will get the following complain:<br /> <br /> ============================================<br /> JBD2: I/O error when updating journal superblock for sdd-8.<br /> __jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available<br /> __jbd2_log_wait_for_space: no way to get more journal space in sdd-8<br /> ------------[ cut here ]------------<br /> WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0<br /> Modules linked in:<br /> CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1<br /> RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0<br /> Call Trace:<br /> <br /> add_transaction_credits+0x5d1/0x5e0<br /> start_this_handle+0x1ef/0x6a0<br /> jbd2__journal_start+0x18b/0x340<br /> ext4_dirty_inode+0x5d/0xb0<br /> __mark_inode_dirty+0xe4/0x5d0<br /> generic_update_time+0x60/0x70<br /> [...]<br /> ============================================<br /> <br /> So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to<br /> clean up at the moment, continue to try to reclaim free space in other ways.<br /> <br /> Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt<br /> when updating journal superblock fails") to make jbd2_cleanup_journal_tail<br /> return the correct error code.