CVE-2024-50229
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/11/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential deadlock with newly created symlinks

Syzbot reported that page_symlink(), called by nilfs_symlink(), triggers memory reclamation involving the filesystem layer, which can result in circular lock dependencies among the reader/writer semaphore nilfs->ns_segctor_sem, s_writers percpu_rwsem (intwrite) and the fs_reclaim pseudo lock.

This is because after commit 21fc61c73c39 ("don't put symlink bodies in pagecache into highmem"), the gfp flags of the page cache for symbolic links are overwritten to GFP_KERNEL via inode_nohighmem().

This is not a problem for symlinks read from the backing device, because the __GFP_FS flag is dropped after inode_nohighmem() is called. However, when a new symlink is created with nilfs_symlink(), the gfp flags remain overwritten to GFP_KERNEL. Then, memory allocation called from page_symlink() etc. triggers memory reclamation including the FS layer, which may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can cause a deadlock if they are called while nilfs->ns_segctor_sem is held:

Fix this issue by dropping the __GFP_FS flag from the page cache GFP flags of newly created symlinks in the same way that nilfs_new_inode() and __nilfs_read_inode() do, as a workaround until we adopt nofs allocation scope consistently or improve the locking constraints.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.5 (including) | 4.19.323 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.285 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.229 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.171 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.116 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.60 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:4.4.116:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1246d86e7bbde265761932c6e2dce28c69cdcb91
- https://git.kernel.org/stable/c/58c7f44c7b9e5ac7e3b1e5da2572ed7767a12f38
- https://git.kernel.org/stable/c/69548bb663fcb63f9ee0301be808a36b9d78dac3
- https://git.kernel.org/stable/c/9aa5d43ac4cace8fb9bd964ff6c23f599dc3cd24
- https://git.kernel.org/stable/c/a1686db1e59f8fc016c4c9361e2119dd206f479a
- https://git.kernel.org/stable/c/b3a033e3ecd3471248d474ef263aadc0059e516a
- https://git.kernel.org/stable/c/c72e0df0b56c1166736dc8eb62070ebb12591447
- https://git.kernel.org/stable/c/cc38c596e648575ce58bfc31623a6506eda4b94a
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html