{"id":"CVE-2024-39476","summary":"md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can't issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear\n   MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold 'reconfig_mutex', and md_check_recovery() can't update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n'reconfig_mutex' is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'\nis released. Meanwhile, the hang problem will be fixed as well.","modified":"2026-04-16T04:34:37.563754219Z","published":"2024-07-05T06:55:06.559Z","related":["ALSA-2024:5928","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2024:3983-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:4100-1","SUSE-SU-2024:4364-1","SUSE-SU-2025:0034-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39476.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39476.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39476"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f3d55bd5b7b928ad82f8075d89c908702f3593ab"},{"fixed":"b32aa95843cac6b12c2c014d40fca18aef24a347"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1c00bb624cd084e2006520ad0edacaff0fb941c4"},{"fixed":"634ba3c97ec413cb10681c7b196db43ee461ecf4"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"782b3e71c957991ac8ae53318bc369049d49bb53"},{"fixed":"aa64464c8f4d2ab92f6d0b959a1e0767b829d787"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9e86dffd0b02594d2e7c60c6db9e889c0395414b"},{"fixed":"098d54934814dd876963abfe751c3b1cf7fbe56a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5e2cf333b7bd5d3e62595a44d598a254c697cd74"},{"fixed":"3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"},{"fixed":"cd2538e5af495b3c747e503db346470fc1ffc447"},{"fixed":"e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"},{"fixed":"151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"7d808fe6af8409cf9f46ed2b10840e5788985e9b"},{"last_affected":"2cab058f2b147e0b7c01546ba00445e5701861f5"},{"last_affected":"91962e40ec3d26e291db230cd45b302da2aff200"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39476.json"}}],"schema_version":"1.7.5"}