Linux Kernel OverlayFS Inode Handling Vulnerability in inotify Integration

Vulnerability

A vulnerability in the Linux kernel's OverlayFS implementation can be triggered by userspace interactions with inotify. When an OverlayFS inode's dentry aliases are discarded, the inotify_show_fdinfo() function can encounter a WARN_ON() assertion failure. This issue arises because the function fails to encode the file handle for the OverlayFS inode, which is critical for proper event reporting. The problem stems from the ovl_encode_fh() function's reliance on finding an alias for the inode, a step that can be deferred to avoid failures in common scenarios, such as with FAN_DELETE_SELF events.

Impact

The vulnerability disrupts the proper encoding of OverlayFS file handles, leading to incomplete reporting of fanotify events, particularly those related to self-deletion.

Reproduction

The vulnerability can be reproduced by creating an OverlayFS watched inode and then discarding its dentry aliases. Following this, calling the inotify_show_fdinfo() function will trigger the WARN_ON() assertion, demonstrating the failure to encode the OverlayFS file handle.
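inotify_show_fdinfo() is the kernel routine that produces the inotify lines in /proc/<pid>/fdinfo/<fd>. The following check is an added example, not code from the advisory or from the kernel project. It parses those lines and lists inotify marks that carry no encoded file handle. The sample text is constructed, and it is an assumption here that a mark whose handle could not be encoded appears without the fhandle-bytes/fhandle-type/f_handle fields.

```python
import glob
import re

# Constructed sample of /proc/<pid>/fdinfo/<fd> text for an inotify descriptor.
# Assumption: the wd:2 mark shows how a line looks when no handle was encoded.
SAMPLE_FDINFO = (
    "pos:\t0\nflags:\t02000000\nmnt_id:\t15\nino:\t1057\n"
    "inotify wd:2 ino:a111 sdev:2d mask:400 ignored_mask:0 \n"
    "inotify wd:1 ino:9e7e sdev:800013 mask:800afce ignored_mask:0 "
    "fhandle-bytes:8 fhandle-type:1 f_handle:7e9e0000640d1b6d\n"
)

# All numeric fields in an inotify fdinfo line are printed in hexadecimal.
MARK_RE = re.compile(
    r"^inotify wd:(?P<wd>[0-9a-f]+) ino:(?P<ino>[0-9a-f]+) "
    r"sdev:(?P<sdev>[0-9a-f]+) mask:(?P<mask>[0-9a-f]+)(?P<rest>.*)$"
)
HANDLE_RE = re.compile(
    r"fhandle-bytes:[0-9a-f]+ fhandle-type:[0-9a-f]+ f_handle:([0-9a-f]*)"
)

def parse_inotify_marks(text):
    """Return one dict per inotify mark; f_handle is None when absent."""
    marks = []
    for line in text.splitlines():
        m = MARK_RE.match(line)
        if not m:
            continue  # pos/flags/mnt_id lines and other notify types
        handle = HANDLE_RE.search(m.group("rest"))
        mark = {k: int(m.group(k), 16) for k in ("wd", "ino", "sdev", "mask")}
        mark["f_handle"] = handle.group(1) if handle else None
        marks.append(mark)
    return marks

def marks_without_handle(text):
    """Marks for which the kernel reported no encoded file handle."""
    return [m for m in parse_inotify_marks(text) if m["f_handle"] is None]

def scan_proc(pattern="/proc/[0-9]*/fdinfo/*"):
    """Walk live fdinfo files; unreadable or vanished entries are skipped."""
    findings = []
    for path in glob.glob(pattern):
        try:
            with open(path) as fh:
                text = fh.read()
        except OSError:
            continue
        findings += [(path, m["wd"], m["ino"]) for m in marks_without_handle(text)]
    return findings

if __name__ == "__main__":
    for path, wd, ino in scan_proc():
        print(f"{path}: inotify wd {wd} (inode {ino:#x}) has no file handle")
```

A hit is only an indicator: confirm that the watched inode lives on an OverlayFS mount and check the kernel log for the corresponding warning before treating the host as affected.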

Remediation

No specific remediation is provided, but the issue has been addressed in the Linux kernel.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.