In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between bd_link_disk_holder and partition scan
open_mutex of gendisk is used to protect open/close block devices. But in bd_link_disk_holder(), it is used to protect the creation of symlink between holding disk and slave bdev, which introduces some issues.
When bd_link_disk_holder() is called, the driver is usually in the process of initialization/modification and may suspend submitting io. At this time, any io hold open_mutex, such as scanning partitions, can cause deadlocks. For example, in raid:
T1 T2 bdev_open_by_dev lock open_mutex [1] … efi_partition … md_submit_bio md_ioctl mddev_syspend -> suspend all io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> wait mddev_resume
T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.
Fix it by introducing a local mutex blk_holder_mutex to replace open_mutex.
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 6.7 (including) | 6.7.11 (excluding) |
| Linux_kernel | Linux | 6.8 (including) | 6.8.2 (excluding) |
Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.