Linux Kernel NTFS3 Filesystem Deadlock Vulnerability

Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's NTFS3 filesystem implementation. The issue arises when 'ni_lock' is held while calling 'truncate_setsize()', which can silently deadlock against the 'PG_locked' bit. This occurs because 'filemap_update_page()' invokes 'filemap_read_folio()' after locking the folio, and locking the folio sets the 'PG_locked' bit. Consequently, 'ntfs_truncate()' should not call 'truncate_setsize()' while holding 'ni_lock': 'truncate_setsize()' blocks until the 'PG_locked' bit is cleared, and the result is a hung task.
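The lock-order inversion described above, modelled in user space as an added example (not kernel code and not part of the original advisory): a small lockdep-style graph check over the two paths. The page states that the folio is locked before 'filemap_read_folio()' runs; that the NTFS3 read path then needs 'ni_lock' is an assumption of this model, and all function and array names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum { NI_LOCK, PG_LOCKED, NLOCKS };   /* lock classes named on the page */
static int edge[NLOCKS][NLOCKS];       /* edge[a][b]: b is awaited while a is held */

/* Record one nested section: each lock is taken while holding all earlier ones. */
static void record(const int *locks, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            edge[locks[i]][locks[j]] = 1;
}

/* Depth-first search: does a chain of "held -> awaited" edges lead from 'from' to 'to'? */
static int reaches(int from, int to, int *seen)
{
    if (edge[from][to]) return 1;
    seen[from] = 1;
    for (int k = 0; k < NLOCKS; k++)
        if (edge[from][k] && !seen[k] && reaches(k, to, seen))
            return 1;
    return 0;
}

/* Returns 1 if the modelled paths form a lock-order cycle (possible deadlock). */
static int model_truncate(int setsize_under_ni_lock)
{
    /* Read side: folio locked first (page); needing ni_lock next is an assumption. */
    const int read_path[] = { PG_LOCKED, NI_LOCK };
    const int nested[] = { NI_LOCK, PG_LOCKED };

    memset(edge, 0, sizeof edge);
    record(read_path, 2);
    if (setsize_under_ni_lock)
        record(nested, 2);   /* truncate_setsize() inside the ni_lock section */
    /* else: the page wait happens with ni_lock not held, so no edge is added */
    for (int a = 0; a < NLOCKS; a++) {
        int seen[NLOCKS] = { 0 };
        if (reaches(a, a, seen)) return 1;
    }
    return 0;
}

int main(void)
{
    printf("under ni_lock: cycle=%d, outside ni_lock: cycle=%d\n",
           model_truncate(1), model_truncate(0));
    return 0;
}
```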

Impact

Exploitation of this vulnerability leads to a deadlock, causing a hung task situation where the process is stuck and unable to proceed.

Reproduction

The vulnerability can be reproduced by performing a file operation that triggers the 'ntfs_truncate()' function in the NTFS3 filesystem while the 'ni_lock' is held. This can be done by manipulating file sizes in a way that causes the 'truncate_setsize()' function to be called without releasing the lock first, thereby creating a conflict with the 'PG_locked' bit management.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Sep 15, 2025, 3:22 PM
Updated: Sep 15, 2025, 3:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.