kernel-5.14.0-503.35.1.el9_5
Errata ID: AXSA:2025-9843:26
Release date:
2025/04/10 Thursday - 09:57
Title:
kernel-5.14.0-503.35.1.el9_5
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- The kernel md driver contains a deadlock, which allows a local
attacker to cause a denial of service. (CVE-2024-43855)
Solution:
Update the packages.
CVE:
CVE-2024-43855
In the Linux kernel, the following vulnerability has been resolved:

md: fix deadlock between mddev_suspend and flush bio

Deadlock occurs when mddev is being suspended while some flush bio is in progress. It is a complex issue.

T1. the first flush is at the ending stage, it clears 'mddev->flush_bio' and tries to submit data, but is blocked because mddev is suspended by T4.
T2. the second flush sets 'mddev->flush_bio', and attempts to queue md_submit_flush_data(), which is already running (T1) and won't execute again if on the same CPU as T1.
T3. the third flush inc active_io and tries to flush, but is blocked because 'mddev->flush_bio' is not NULL (set by T2).
T4. mddev_suspend() is called and waits for active_io dec to 0 which is inc by T3.

    T1              T2              T3              T4
    (flush 1)       (flush 2)       (third 3)       (suspend)
    md_submit_flush_data
     mddev->flush_bio = NULL;
     .
     .              md_flush_request
     .               mddev->flush_bio = bio
     .               queue submit_flushes
     .               .
     .               .              md_handle_request
     .               .               active_io + 1
     .               .               md_flush_request
     .               .                wait !mddev->flush_bio
     .               .
     .               .                              mddev_suspend
     .               .                               wait !active_io
     .               .
     .               submit_flushes
     .               queue_work md_submit_flush_data
     .               //md_submit_flush_data is already running (T1)
     .
     md_handle_request
      wait resume

The root issue is non-atomic inc/dec of active_io during flush process. active_io is dec before md_submit_flush_data is queued, and inc soon after md_submit_flush_data() run.

    md_flush_request
      active_io + 1
      submit_flushes
        active_io - 1
        md_submit_flush_data
          md_handle_request
          active_io + 1
            make_request
          active_io - 1

If active_io is dec after md_handle_request() instead of within submit_flushes(), make_request() can be called directly instead of md_handle_request() in md_submit_flush_data(), and active_io will only inc and dec once in the whole flush process. Deadlock will be fixed.

Additionally, the only difference between fixing the issue and before is that there is no return error handling of make_request(). But after previous patch cleaned md_write_start(), make_request() only return error in raid5_make_request() by dm-raid, see commit 41425f96d7aa ("dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape"). Since dm always splits data and flush operation into two separate io, io size of flush submitted by dm always is 0, make_request() will not be called in md_submit_flush_data(). To prevent future modifications from introducing issues, add WARN_ON to ensure make_request() no error is returned in this context.
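The wait cycle described above, reduced to a small model in C. This is an added example, not kernel code or code from the advisory: `md_model`, `can_finish()` and `stuck_actors()` are hypothetical names, and the model assumes the array is resumed once mddev_suspend() has returned.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model (not kernel code): each actor from the description is
 * reduced to the condition it waits on at the end of the diagram. */
enum { T1, T2, T3, T4, NACT };
struct md_model {
    int  active_io;     /* references that mddev_suspend() waits to drain */
    bool flush_bio_set; /* mddev->flush_bio != NULL (set by T2) */
    bool resumed;       /* assumption: true once mddev_suspend() has returned */
    bool done[NACT];
};

static bool can_finish(const struct md_model *m, int a, bool fixed)
{
    switch (a) {
    case T1: /* old: md_handle_request() waits for resume; fixed: make_request() */
        return fixed || m->resumed;
    case T2: /* queued md_submit_flush_data() cannot run while T1's instance runs */
        return m->done[T1];
    case T3: /* md_flush_request() waits for !mddev->flush_bio */
        return !m->flush_bio_set;
    default: /* T4: mddev_suspend() waits for active_io == 0 */
        return m->active_io == 0;
    }
}

/* Runs the waits to a fixed point; returns how many actors never finish. */
int stuck_actors(bool fixed)
{
    /* old: only T3 still holds active_io; fixed: each flush holds it throughout */
    struct md_model m = { .active_io = fixed ? 3 : 1, .flush_bio_set = true };
    int stuck = NACT;
    for (bool progress = true; progress; ) {
        progress = false;
        for (int a = 0; a < NACT; a++) {
            if (m.done[a] || !can_finish(&m, a, fixed)) continue;
            m.done[a] = progress = true;
            stuck--;
            if (a == T2) m.flush_bio_set = false;
            if (a == T4) m.resumed = true;
            else if (fixed || a == T3) m.active_io--;
        }
    }
    return stuck;
}

int main(void)
{
    printf("old: %d stuck, fixed: %d stuck\n", stuck_actors(false), stuck_actors(true));
    return 0;
}
```

With the old accounting no actor's wait condition ever becomes true, so all four stay blocked; with the reference held for the whole flush, T1, T2, T3 and then T4 complete in order.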
Additional information:
N/A
Downloads:
SRPMS
- kernel-5.14.0-503.35.1.el9_5.src.rpm
Size: 139.63 MB
Asianux Server 9 for x86_64
- bpftool-7.4.0-503.35.1.el9_5.x86_64.rpm
Size: 2.81 MB
- kernel-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.04 MB
- kernel-abi-stablelists-5.14.0-503.35.1.el9_5.noarch.rpm
Size: 2.06 MB
- kernel-core-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 17.66 MB
- kernel-cross-headers-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 8.79 MB
- kernel-debug-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.04 MB
- kernel-debug-core-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 30.73 MB
- kernel-debug-devel-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 21.77 MB
- kernel-debug-devel-matched-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.04 MB
- kernel-debug-modules-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 62.72 MB
- kernel-debug-modules-core-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 48.00 MB
- kernel-debug-modules-extra-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.90 MB
- kernel-debug-uki-virt-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 81.31 MB
- kernel-devel-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 21.57 MB
- kernel-devel-matched-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.04 MB
- kernel-doc-5.14.0-503.35.1.el9_5.noarch.rpm
Size: 37.44 MB
- kernel-headers-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 3.75 MB
- kernel-modules-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 36.57 MB
- kernel-modules-core-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 30.46 MB
- kernel-modules-extra-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.51 MB
- kernel-tools-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.30 MB
- kernel-tools-libs-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.05 MB
- kernel-tools-libs-devel-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.04 MB
- kernel-uki-virt-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 60.51 MB
- kernel-uki-virt-addons-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.06 MB
- libperf-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.06 MB
- perf-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 4.22 MB
- python3-perf-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.14 MB
- rtla-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.09 MB
- rv-5.14.0-503.35.1.el9_5.x86_64.rpm
Size: 2.05 MB