-

CVE-2022-50534

In the Linux kernel, the following vulnerability has been resolved:

dm thin: Use last transaction's pmd->root when commit failed

Recently we found a softlock up problem in dm thin pool btree lookup
code due to corrupted metadata:

 Kernel panic - not syncing: softlockup: hung tasks
 CPU: 7 PID: 2669225 Comm: kworker/u16:3
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
 Workqueue: dm-thin do_worker [dm_thin_pool]
 Call Trace:
   <IRQ>
   dump_stack+0x9c/0xd3
   panic+0x35d/0x6b9
   watchdog_timer_fn.cold+0x16/0x25
   __run_hrtimer+0xa2/0x2d0
   </IRQ>
   RIP: 0010:__relink_lru+0x102/0x220 [dm_bufio]
   __bufio_new+0x11f/0x4f0 [dm_bufio]
   new_read+0xa3/0x1e0 [dm_bufio]
   dm_bm_read_lock+0x33/0xd0 [dm_persistent_data]
   ro_step+0x63/0x100 [dm_persistent_data]
   btree_lookup_raw.constprop.0+0x44/0x220 [dm_persistent_data]
   dm_btree_lookup+0x16f/0x210 [dm_persistent_data]
   dm_thin_find_block+0x12c/0x210 [dm_thin_pool]
   __process_bio_read_only+0xc5/0x400 [dm_thin_pool]
   process_thin_deferred_bios+0x1a4/0x4a0 [dm_thin_pool]
   process_one_work+0x3c5/0x730

Following process may generate a broken btree mixed with fresh and
stale btree nodes, which could get dm thin trapped in an infinite loop
while looking up data block:
 Transaction 1: pmd->root = A, A->B->C   // One path in btree
                pmd->root = X, X->Y->Z   // Copy-up
 Transaction 2: X,Z is updated on disk, Y write failed.
                // Commit failed, dm thin becomes read-only.
                process_bio_read_only
		 dm_thin_find_block
		  __find_block
		   dm_btree_lookup(pmd->root)
The pmd->root points to a broken btree, Y may contain stale node
pointing to any block, for example X, which gets dm thin trapped into
a dead loop while looking up Z.

Fix this by setting pmd->root in __open_metadata(), so that dm thin
will use the last transaction's pmd->root if commit failed.

Fetch a reproducer in [Link].

Linke: https://bugzilla.kernel.org/show_bug.cgi?id=216790
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < b35a22760aa5008d82533e59b0f0b5eb1b02d4e5
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < 87d69b8824ca9b090f5a8ed47f758e8f6eecb871
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < 3db757ffdd87ed8d7118b2250236a496502a660f
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < f758987ff0af3a4b5ee69e95cab6a5294e4367b0
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < 94f01ecc2aa0be992865acc80ebb6701f731f955
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < 4b710e8481ade7c9200e94d3018e99dc42a0a0e8
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < a63ce4eca86fd207e3db07c00fb7ccf4adf1b230
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < b91f481300e3a10eaf66b94fc39b740928762aaf
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
Version < 7991dbff6849f67e823b7cc0c15e5a90b0549b9f
Version 991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 3.2
Status affected
Version < 3.2
Version 0
Status unaffected
Version <= 4.9.*
Version 4.9.337
Status unaffected
Version <= 4.14.*
Version 4.14.303
Status unaffected
Version <= 4.19.*
Version 4.19.270
Status unaffected
Version <= 5.4.*
Version 5.4.229
Status unaffected
Version <= 5.10.*
Version 5.10.163
Status unaffected
Version <= 5.15.*
Version 5.15.87
Status unaffected
Version <= 6.0.*
Version 6.0.18
Status unaffected
Version <= 6.1.*
Version 6.1.4
Status unaffected
Version <= *
Version 6.2
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.153
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String