CVE-2025-21654

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 19/01/2025
Last modified: 26/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ovl: support encoding fid from inode with no alias

Dmitry Safonov reported that a WARN_ON() assertion can be triggered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches.

The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reasons, but the impact of failing to encode an overlayfs file handle goes beyond this assertion.

As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events.

As Dmitry notes in his analysis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle.

Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events.

Vulnerable products and versions

CPE                                                 From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.6 (including)   6.6.74 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.7 (including)   6.12.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*