CVE-2026-23356
Description
In the Linux kernel, the following vulnerability has been resolved:drbd: fix LOGIC BUG in drbd_al_begin_io_nonblock()Even though we check that we should be able to do lc_get_cumulative()while holding the device->al_lock spinlock, it may still fail,if some other code path decided to do lc_try_lock() with bad timing.If that happened, we logged LOGIC BUG for enr=...,but still did not return an error.The rest of the code now assumed that this request has referencesfor the relevant activity log extents.The implcations are that during an active resync, mutual exclusivity ofresync versus application IO is not guaranteed. And a potential crashat this point may not realizs that these extents could have been targetof in-flight IO and would need to be resynced just in case.Also, once the request completes, it will give up activity log references itdoes not even hold, which will trigger a BUG_ON(refcnt == 0) in lc_put().Fix:Do not crash the kernel for a condition that is harmless during normaloperation: also catch e->refcnt == 0, not only e == nullwhen being noisy about al_complete_io() called on inactive extent %un.And do not try to be smart and guess whether something will work, thenbe surprised when it does not.Deal with the fact that it may or may not work. If it does not, remember apossible partially in activity log state (only possible for requests thatcross extent boundaries), and return an error code fromdrbd_al_begin_io_nonblock().A latter call for the same request will then resume from where we left off.
Risk Information
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234