APPLIED: [SRU][N][PATCH 0/1] CVE-2024-50229
Koichiro Den
koichiro.den at canonical.com
Fri Jan 31 02:27:23 UTC 2025
On Thu, Jan 16, 2025 at 11:46:24AM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> nilfs2: fix potential deadlock with newly created symlinks
> Syzbot reported that page_symlink(), called by nilfs_symlink(), triggers
> memory reclamation involving the filesystem layer, which can result in
> circular lock dependencies among the reader/writer semaphore
> nilfs->ns_segctor_sem, s_writers percpu_rwsem (intwrite) and the
> fs_reclaim pseudo lock.
>
> This is because after commit 21fc61c73c39 ("don't put symlink bodies in
> pagecache into highmem"), the gfp flags of the page cache for symbolic
> links are overwritten to GFP_KERNEL via inode_nohighmem().
>
> This is not a problem for symlinks read from the backing device, because
> the __GFP_FS flag is dropped after inode_nohighmem() is called. However,
> when a new symlink is created with nilfs_symlink(), the gfp flags remain
> overwritten to GFP_KERNEL. Then, memory allocation called from
> page_symlink() etc. triggers memory reclamation including the FS layer,
> which may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can
> cause a deadlock if they are called while nilfs->ns_segctor_sem is held:
>
> Fix this issue by dropping the __GFP_FS flag from the page cache GFP flags
> of newly created symlinks in the same way that nilfs_new_inode() and
> __nilfs_read_inode() do, as a workaround until we adopt nofs allocation
> scope consistently or improve the locking constraints.
>
> [Fix]
>
> Oracular: Fixed via upstream stable update (d737efb1e1a81e)
> Noble: Cherry picked from mainline
> Jammy: Fixed via upstream stable update (558c9ca997c64f)
> Focal: Fixed via upstream stable update (da4118714658cc)
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
>
> [Test Case]
>
> Compile, boot and stress tested a nilfs2 partition using stress-ng.
>
> [Where problems could occur]
>
> The fix affects the nilfs2 filesystem's handling of symlinks. An issue
> with this fix may lead to system instability (crashes or hangs) during
> operations involving the creation or manipulation of symbolic links on
> a nilfs2 partition.
>
> Ryusuke Konishi (1):
> nilfs2: fix potential deadlock with newly created symlinks
>
> fs/nilfs2/namei.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Applied to noble:linux master-next branch. Thanks!
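A user-space model of the GFP-flag ordering problem the cover letter describes, added here as an illustration; it is not code from the kernel or from this patch. The bit values, struct layouts and the default page-cache mask are constructed for the model, and the two helpers only mirror the stated semantics of the real inode_nohighmem() and mapping_gfp_constraint().

```c
/* User-space model of the GFP-flag ordering bug in the cover letter.
 * Bit values, struct layouts and the default page-cache mask are
 * constructed for this model; they are not the kernel's definitions. */
#include <stdbool.h>
#include <stdio.h>

typedef unsigned int gfp_t;
#define __GFP_FS      0x1u /* allocation may recurse into the FS layer */
#define __GFP_HIGHMEM 0x2u
#define __GFP_IOREC   0x4u /* stands in for the IO/reclaim bits */
#define GFP_KERNEL    (__GFP_IOREC | __GFP_FS)
#define GFP_HIGHUSER  (GFP_KERNEL | __GFP_HIGHMEM)

struct address_space { gfp_t gfp_mask; };
struct inode { struct address_space mapping; };

/* Mirror the semantics of the kernel helpers: inode_nohighmem() replaces
 * the mapping mask with GFP_KERNEL (which includes __GFP_FS);
 * mapping_gfp_constraint() ANDs a constraint into the current mask. */
static void inode_nohighmem(struct inode *i) { i->mapping.gfp_mask = GFP_KERNEL; }
static gfp_t mapping_gfp_constraint(struct address_space *m, gfp_t mask) { return m->gfp_mask & mask; }

/* nilfs_new_inode() already drops __GFP_FS from the page-cache mask. */
static void model_nilfs_new_inode(struct inode *i)
{
	i->mapping.gfp_mask = GFP_HIGHUSER; /* stand-in for the default mask */
	i->mapping.gfp_mask = mapping_gfp_constraint(&i->mapping, ~__GFP_FS);
}

/* Symlink creation: inode_nohighmem() runs after that constraint and
 * silently restores __GFP_FS. The fix reapplies the constraint after it. */
static gfp_t model_nilfs_symlink(bool fixed)
{
	struct inode i;
	model_nilfs_new_inode(&i);
	inode_nohighmem(&i);
	if (fixed)
		i.mapping.gfp_mask = mapping_gfp_constraint(&i.mapping, ~__GFP_FS);
	return i.mapping.gfp_mask;
}

/* True if allocations under this mask may reclaim through the FS layer. */
static bool fs_reclaim_allowed(gfp_t mask) { return (mask & __GFP_FS) != 0; }

int main(void)
{
	printf("before fix: __GFP_FS %s\n", fs_reclaim_allowed(model_nilfs_symlink(false)) ? "set" : "clear");
	printf("after fix:  __GFP_FS %s\n", fs_reclaim_allowed(model_nilfs_symlink(true)) ? "set" : "clear");
	return 0;
}
```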