hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q98W
CVE: CVE-2024-35808
--------------------------------
In raid_message(), MD_RECOVERY_FROZEN should always remain set after the array is frozen, and subsequent attempts to wake up sync_thread in this function are meaningless for frozen arrays, as sync_thread is deleted after freezing. Therefore, return directly after setting frozen in raid_message().
Fixes: cd32b27a66db ("md/dm-raid: don't call md_reap_sync_thread() directly")
Signed-off-by: Li Nan linan122@huawei.com
---
 drivers/md/dm-raid.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c index 92587efb5b95..698bd973442a 100644 --- a/drivers/md/dm-raid.c +++ b/drivers/md/dm-raid.c @@ -3702,12 +3702,16 @@ static int raid_message(struct dm_target *ti, unsigned int argc, char **argv, if (!mddev->pers || !mddev->pers->sync_request) return -EINVAL;
- if (!strcasecmp(argv[0], "frozen")) + if (!strcasecmp(argv[0], "frozen")) { frozen_sync_thread(mddev); - else if (!strcasecmp(argv[0], "idle")) + return 0; + } + + if (!strcasecmp(argv[0], "idle")) idle_sync_thread(mddev); + else + clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery);
- clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery); if (decipher_sync_action(mddev, mddev->recovery) != st_idle) return -EBUSY; else if (!strcasecmp(argv[0], "resync"))
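Review bot: The "idle" branch no longer clears MD_RECOVERY_FROZEN in raid_message(), and the changelog does not say why. The old unconditional clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery) ran after both frozen_sync_thread() and idle_sync_thread(); the new code moves it into the else arm, so it only runs for messages other than "frozen" and "idle". The commit message justifies only the "frozen" case. If idle_sync_thread() is expected to clear the bit itself, please state that in the changelog or in a short comment above the "idle" test, otherwise an "idle" message sent to a frozen array would leave the flag set. Separately, the early "return 0" for "frozen" also skips the decipher_sync_action(mddev, mddev->recovery) != st_idle check that follows, so "frozen" can no longer return -EBUSY from this function. That looks intended, but it is a user-visible return-value change for the message interface and is worth a sentence in the changelog.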