CVE-2024-53112

Summary

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: uncache inode which has failed entering the group

Syzbot has reported the following BUG:

kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f … </TASK>

When 'ioctl(OCFS2_IOC_GROUP_ADD, …)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with 'ocfs2_remove_from_cache()' on error path in 'ocfs2_group_add()'.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < ac0cfe8ac35cf1be54131b90d114087b558777caaffected
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < 5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4affected
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < 28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6affected
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < 0e04746db2ec4aec04cef5763b9d9aa32829ae2faffected
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < 620d22598110b0d0cb97a3fcca65fc473ea86e73affected
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < 843dfc804af4b338ead42331dd58081b428ecdf8affected
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < b751c50e19d66cfb7360c0b55cf17b0722252d12affected
LinuxLinux7909f2bf835376a20d6dbf853eb459a27566eba2 < 737f34137844d6572ab7d473c998c7f977ff30ebaffected
LinuxLinux2.6.25affected
LinuxLinux0 < 2.6.25unaffected
LinuxLinux4.19.325 <= 4.19.*unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.119 <= 6.1.*unaffected
LinuxLinux6.6.63 <= 6.6.*unaffected
LinuxLinux6.11.10 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References