Introduction: A vulnerability in the Linux kernel involving the use of the f2fs_bug_on function has been resolved. This issue could potentially lead to crashes when unmounting a filesystem after a specific series of actions, including creating a large file, removing it, and then unmounting the filesystem. The solution involves redirtying the inode when there are no free segments during a checkpoint disable.

Background: In the Linux kernel, an issue has been discovered and resolved in the f2fs (Flash-Friendly File System) implementation. The vulnerability occurs when unmounting a filesystem, in the call to f2fs_evict_inode. It is triggered after a series of operations: creating large files while the checkpoint is disabled, removing those files, and then unmounting the filesystem.

Root Cause: The root cause of the vulnerability is a lack of free segments when writing back the root inode after disabling the checkpoint. Upon unmounting the filesystem after enabling the checkpoint, the root inode is dirty in the f2fs_evict_inode function, triggering the BUG_ON.

Reproduction: The steps to reproduce this vulnerability are as follows:

dd if=/dev/zero of=f2fs.img bs=1M count=55
mount f2fs.img f2fs_dir -o checkpoint=disable:10%
dd if=/dev/zero of=big bs=1M count=50
sync
rm big
mount -o remount,checkpoint=enable f2fs_dir
umount f2fs_dir

Solution: The vulnerability is resolved by making sure to redirty the inode when there are no free segments remaining during a checkpoint disable. This will prevent the BUG_ON from being triggered.

References

- Redirty Inode Patch
- Linux Kernel Mailing List - Original Discussion
- CVE-2024-56586 (not published yet)

Conclusion: With the implementation of the redirty inode method, the Linux kernel vulnerability involving the f2fs_bug_on function call in the f2fs_evict_inode operation has been resolved. Users are encouraged to apply the patch to avoid potential crashes when unmounting filesystems after specific operations.
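Until the patch is applied, the mounts exposed to the sequence above are the f2fs filesystems mounted with checkpoint=disable. The following check is an added example, not part of the original advisory or the kernel patch: it lists such mounts from a file in /proc/mounts or /etc/fstab layout. The function names and sample lines are constructed for illustration, and it assumes the option appears in the options column in the same form as in the mount command shown under Reproduction.

```shell
#!/bin/sh
# Added example (not from the advisory): list f2fs mounts that run with
# checkpoint=disable, the precondition of the sequence described above.
# Input: a file in /proc/mounts or /etc/fstab layout
#        (device, mount point, fstype, options, ...). Reads stdin if no file.
# Output: "<mount point><TAB><matching option>" per exposed mount.
# Note: mount points are printed as stored (spaces appear as \040).
f2fs_cp_disabled_mounts() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $3 == "f2fs" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                # match "checkpoint=disable" and "checkpoint=disable:<cap>",
                # but not unrelated options such as "checkpoint_merge"
                if (opts[i] == "checkpoint=disable" ||
                    index(opts[i], "checkpoint=disable:") == 1) {
                    print $2 "\t" opts[i]
                    break
                }
            }
        }
    ' "${1:--}"
}

# Constructed sample input (hypothetical devices and mount points).
constructed_sample() {
    cat <<'EOF'
/dev/loop0 /mnt/flash f2fs rw,relatime,checkpoint=disable:10%,background_gc=on 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mmcblk0p2 /srv f2fs rw,lazytime,checkpoint_merge 0 0
# /dev/sdb1 /old f2fs checkpoint=disable 0 0
/dev/sdc1 /data f2fs defaults,checkpoint=disable 0 2
EOF
}

# Demo on the constructed sample. On a real host, pass /proc/mounts for
# live mounts or /etc/fstab for configured ones.
constructed_sample | f2fs_cp_disabled_mounts
```
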

Timeline

Published on: 12/27/2024 15:15:17 UTC
Last modified on: 01/20/2025 06:23:35 UTC