Improper Locking Affecting dlm-kmp-default package, versions <6.4.0-150600.23.7.3

Note: Versions mentioned in the description apply only to the upstream dlm-kmp-default package and not the dlm-kmp-default package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

block: fix deadlock between bd_link_disk_holder and partition scan

'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder(), it is used to protect the creation of symlink between holding disk and slave bdev, which introduces some issues.

When bd_link_disk_holder() is called, the driver is usually in the process of initialization/modification and may suspend submitting io. At this time, any io hold 'open_mutex', such as scanning partitions, can cause deadlocks. For example, in raid:

T1 T2 bdev_open_by_dev lock open_mutex [1] ... efi_partition ... md_submit_bio md_ioctl mddev_syspend -> suspend all io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> wait mddev_resume

T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.

Fix it by introducing a local mutex 'blk_holder_mutex' to replace 'open_mutex'.

• https://www.suse.com/security/cve/CVE-2024-26899.html
• https://bugzilla.suse.com/1223045
• https://git.kernel.org/stable/c/03f12122b20b6e6028e9ed69030a49f9cffcbb75
• https://git.kernel.org/stable/c/1e5c5b0abaee7b62a10b9707a62083b71ad21f62
• https://git.kernel.org/stable/c/5a87c1f7993bc8ac358a3766bac5dc7126e01e98