Linux Kernel Nilfs2 Infinite Loop Vulnerability in Metadata Block Handling

Vulnerability

A vulnerability in the Linux kernel's nilfs2 file system can lead to an infinite loop when processing metadata blocks. This issue arises if the disk image is corrupted, causing invalid block addresses to be returned. The function responsible for looking up metadata blocks may then misinterpret these invalid addresses as a normal condition, leading to continuous reading and creation of metadata blocks. This problem can cause the system to hang, particularly if the inode metadata file is affected, as a semaphore can be left in a locked state.

Impact

The vulnerability can cause a deadlock by leaving a semaphore held, which leads to task hangs in lock_mount().

Reproduction

To reproduce this vulnerability, mount a nilfs2 file system using a corrupted disk image. When the file system attempts to look up metadata blocks, the corruption will cause invalid block addresses to be returned. This will confuse the block handling function, nilfs_mdt_get_block(), which will then enter an infinite loop, continuously reading and creating metadata blocks. If this occurs with the inode metadata file, the associated semaphore can be left held, causing a task hang.
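The read-and-create loop described above can be modelled in user space. The following C sketch is an added example, not nilfs2 or kernel code: the struct, the function names, the MAX_TRIES guard and the choice of errno values are assumptions made for illustration. It contrasts a lookup that reports an unresolvable block address with the same code as "no block here" against one that reports it as corruption.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
/* User-space model only; every name here is hypothetical, not nilfs2 code. */
enum { MAX_TRIES = 1000 };  /* demo guard; the modelled loop has no such bound */

struct mdt {
    bool mapped;      /* a block mapping exists at this offset */
    bool addr_valid;  /* mapped address resolves (false = corrupted image) */
};

/* strict=false: an invalid address is reported as -ENOENT ("no block").
   strict=true: it is reported as -EINVAL, i.e. as corruption (assumed fix). */
static int read_block(const struct mdt *m, bool strict)
{
    if (!m->mapped) return -ENOENT;
    if (!m->addr_valid) return strict ? -EINVAL : -ENOENT;
    return 0;
}

static int create_block(struct mdt *m)
{
    if (m->mapped) return -EEXIST;  /* mapping already present */
    m->mapped = m->addr_valid = true;
    return 0;
}

/* Read-or-create loop; *tries receives the number of passes made. */
int get_block(struct mdt *m, bool strict, int *tries)
{
    for (*tries = 0; *tries < MAX_TRIES; ) {
        ++*tries;
        int err = read_block(m, strict);
        if (err != -ENOENT) return err;   /* found, or a hard error */
        err = create_block(m);
        if (err != -EEXIST) return err;   /* created, or a hard error */
        /* "missing" on read but "exists" on create: retry */
    }
    return -ELOOP;  /* guard tripped: without it this never returns */
}

int main(void)
{
    struct mdt bad = { .mapped = true, .addr_valid = false };  /* constructed */
    int n, r = get_block(&bad, false, &n);
    printf("ambiguous: ret=%d after %d passes\n", r, n);
    r = get_block(&bad, true, &n);
    printf("strict:    ret=%d after %d passes\n", r, n);
    return 0;
}
```

In the ambiguous mode the caller never makes progress and would hold any lock taken around the call for as long as it spins; in the strict mode the first pass fails with an error the caller can propagate.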

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 10, 2025, 12:28 AM
Updated: Dec 10, 2025, 12:28 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.