CVE-2024-56755

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/12/2024
Last modified:
06/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING

In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows:

    [cookie1]                 [cookie2]                 [volume_work]
    fscache_perform_lookup
    fscache_create_volume
                              fscache_perform_lookup
                              fscache_create_volume
                                                        fscache_create_volume_work
                                                        cachefiles_acquire_volume
                                                        clear_and_wake_up_bit
    test_and_set_bit
                              test_and_set_bit
                              goto maybe_wait
    goto no_wait

In the above process, cookie1 and cookie2 have the same volume. When cookie1 enters the -no_wait- process, it will clear the bit and wake up the waiting process. If a barrier is missing, it may cause cookie2 to remain in the -wait- process indefinitely.

In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed.

Fix this issue by combining the clear and wake operations into clear_and_wake_up_bit().

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.17 (including)   6.1.120 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.2 (including)    6.6.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.7 (including)    6.11.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.12 (including)   6.12.2 (excluding)
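
For triage, the version ranges in the table above can be checked against `uname -r` strings collected from hosts. The following is an added example, not part of the original advisory; the function names and the sample inventory are constructed for illustration. It assumes the upstream version number is the only signal, so a vendor kernel that backports the fix under an older number still needs to be confirmed against the vendor's own advisory.

```python
import re

# Affected ranges copied from the table above: (first affected, first fixed).
# Each range is half-open: start <= version < end.
AFFECTED_RANGES = [
    ((5, 17, 0), (6, 1, 120)),
    ((6, 2, 0), (6, 6, 64)),
    ((6, 7, 0), (6, 11, 11)),
    ((6, 12, 0), (6, 12, 2)),
]
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Parse a `uname -r` string; suffixes are ignored, a missing patch level is 0."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def in_affected_range(release):
    """Return the matching (start, end) range, or None if outside all ranges."""
    version = parse_release(release)
    for start, end in AFFECTED_RANGES:
        if start <= version < end:
            return start, end
    return None


def triage(releases):
    """Map each release string to 'affected-range', 'outside-range' or 'unparsed'."""
    result = {}
    for rel in releases:
        try:
            hit = in_affected_range(rel)
            result[rel] = "affected-range" if hit else "outside-range"
        except ValueError:
            result[rel] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not data from the advisory.
    sample = ["5.16.20", "6.1.119-amd64", "6.1.120", "6.6.63-1-lts", "6.12.2"]
    for release, verdict in triage(sample).items():
        print(f"{release:16} {verdict}")
```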