CVE-2024-27058

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tmpfs: fix race on handling dquot rbtree<br /> <br /> A syzkaller reproducer found a race while attempting to remove dquot<br /> information from the rb tree.<br /> <br /> Fetching the rb_tree root node must also be protected by the<br /> dqopt-&gt;dqio_sem, otherwise, giving the right timing, shmem_release_dquot()<br /> will trigger a warning because it couldn&amp;#39;t find a node in the tree, when<br /> the real reason was the root node changing before the search starts:<br /> <br /> Thread 1 Thread 2<br /> - shmem_release_dquot() - shmem_{acquire,release}_dquot()<br /> <br /> - fetch ROOT - Fetch ROOT<br /> <br /> - acquire dqio_sem<br /> - wait dqio_sem<br /> <br /> - do something, triger a tree rebalance<br /> - release dqio_sem<br /> <br /> - acquire dqio_sem<br /> - start searching for the node, but<br /> from the wrong location, missing<br /> the node, and triggering a warning.