U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-47669

Change History

New CVE Received from kernel.org 10/09/2024 11:15:15 AM

Action Type Old Value New Value
Added Description

								
							
							
						
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix state management in error path of log writing function

After commit a694291a6211 ("nilfs2: separate wait function from
nilfs_segctor_write") was applied, the log writing function
nilfs_segctor_do_construct() was able to issue I/O requests continuously
even if user data blocks were split into multiple logs across segments,
but two potential flaws were introduced in its error handling.

First, if nilfs_segctor_begin_construction() fails while creating the
second or subsequent logs, the log writing function returns without
calling nilfs_segctor_abort_construction(), so the writeback flag set on
pages/folios will remain uncleared.  This causes page cache operations to
hang waiting for the writeback flag.  For example,
truncate_inode_pages_final(), which is called via nilfs_evict_inode() when
an inode is evicted from memory, will hang.

Second, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. 
As a result, if the next log write involves checkpoint creation, that's
fine, but if a partial log write is performed that does not, inodes with
NILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"
list, and their data and b-tree blocks may not be written to the device,
corrupting the block mapping.

Fix these issues by uniformly calling nilfs_segctor_abort_construction()
on failure of each step in the loop in nilfs_segctor_do_construct(),
having it clean up logs and segment usages according to progress, and
correcting the conditions for calling nilfs_redirty_inodes() to ensure
that the NILFS_I_COLLECTED flag is cleared.
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06 [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876 [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b [No types assigned]