Linux Kernel EROFS File System Denial-of-Service Vulnerability via Hooked Chain Loops

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's EROFS (Enhanced Read-Only File System) implementation. The issue arises from a flaw in how hooked chains of pclusters (physical clusters) are managed, particularly in data-deduplicated compressed images. Under certain conditions, two chains can link simultaneously, creating a loop that prevents the proper submission of file pages and leaves them locked indefinitely. The vulnerability was discovered after stress-testing the EROFS file system for over 46 days with images containing repeated patterns.

Impact

Exploitation of this vulnerability leaves file pages locked indefinitely, causing a denial-of-service condition in which the affected resources cannot be accessed or released normally.

Reproduction

The vulnerability can be reproduced by creating a hand-crafted EROFS image with deduplication and repeated patterns. After applying this image to a system, stress the file system with multi-threaded workloads for an extended period (over 46 days). This creates the conditions for two chains of pclusters to link simultaneously and form a loop, causing the file pages to remain locked.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is 267f2492c8f7.
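A triage sketch for the remediation above, added here as an example and not taken from the advisory or the kernel project: it reports whether a kernel config builds EROFS with compression support, and whether a kernel git tree contains the fix commit. It assumes the affected pcluster code is only built with CONFIG_EROFS_FS_ZIP, and that stable backports cite the upstream hash in their commit message; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: EROFS exposure and fix-presence checks for a kernel build.
FIX_COMMIT="267f2492c8f7"   # fix commit named in the advisory

# erofs_exposure CONFIG_FILE
# Prints "compressed" if EROFS is built (y or m) with compression support,
# "uncompressed-only" if EROFS is built without it, "absent" if EROFS is
# not built, and "unknown" if the config file cannot be read.
erofs_exposure() {
    cfg="$1"
    if [ ! -r "$cfg" ]; then
        echo "unknown"
    elif ! grep -Eq '^CONFIG_EROFS_FS=[ym]$' "$cfg"; then
        echo "absent"
    elif grep -Eq '^CONFIG_EROFS_FS_ZIP=y$' "$cfg"; then
        # Assumption: the pcluster (compressed data) path needs this option.
        echo "compressed"
    else
        echo "uncompressed-only"
    fi
}

# tree_has_fix REPO_DIR [REV]
# Succeeds if REV (default HEAD) contains the fix, either as the mainline
# commit itself or as a backport whose commit message cites that hash.
tree_has_fix() {
    repo="$1"
    rev="${2:-HEAD}"
    if git -C "$repo" merge-base --is-ancestor "$FIX_COMMIT" "$rev" 2>/dev/null; then
        return 0
    fi
    # Assumption: backports carry a "commit <hash> upstream" style reference.
    [ -n "$(git -C "$repo" log -1 --format=%h --grep="$FIX_COMMIT" "$rev" 2>/dev/null)" ]
}

# Optional direct use: sh script.sh /boot/config-<release> [/path/to/linux.git]
if [ "$#" -ge 1 ]; then
    echo "EROFS build status: $(erofs_exposure "$1")"
    if [ "$#" -ge 2 ]; then
        if tree_has_fix "$2"; then
            echo "fix $FIX_COMMIT: present"
        else
            echo "fix $FIX_COMMIT: not found"
        fi
    fi
fi
```

A "not found" result on a distribution kernel tree is not conclusive, since vendors may backport without citing the upstream hash; check the vendor's changelog in that case.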

Added: Dec 9, 2025, 2:07 AM
Updated: Dec 9, 2025, 2:07 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.