Linux Kernel AFS Subsystem Lock Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's AFS (Andrew File System) subsystem has been addressed. The issue was improper lock management: on one error path the address preference write function returned to user space while still holding the inode lock, which can lead to synchronization problems. Specifically, when the parsed argument count was less than zero the function returned directly, so the inode lock it had already taken was never released. The fix changes the function to store the error code and jump to a cleanup section, so the lock is released on every return path.
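As an added illustration (not the kernel's code and not part of this advisory), the following C program models the bug pattern and its fix with a simple held/free flag in place of the inode lock; the names addr_prefs_write_vulnerable, addr_prefs_write_fixed, parse_args and lock_leaked_after, and the inputs used, are assumptions constructed for the example. The last function is the check a reviewer can run to confirm that every return path releases the lock.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
/* Constructed stand-in for the inode lock: a held/free flag that can be
 * inspected after each write function returns. */
static bool inode_lock_held = false;
static void inode_lock(void)   { inode_lock_held = true; }
static void inode_unlock(void) { inode_lock_held = false; }

/* Hypothetical stand-in for argument parsing: -1 means malformed input. */
static int parse_args(const char *buf)
{
    return (buf != NULL && buf[0] != '\0') ? 1 : -1;
}

/* Vulnerable pattern as the advisory describes it: the lock is taken, then
 * the argc < 0 check returns straight to the caller without releasing it. */
int addr_prefs_write_vulnerable(const char *buf)
{
    inode_lock();
    if (parse_args(buf) < 0)
        return -EINVAL;   /* BUG: back to user space with inode_lock held */
    /* ... apply the parsed address preferences here ... */
    inode_unlock();
    return 0;
}

/* Fixed pattern: store the error code and jump to one cleanup section. */
int addr_prefs_write_fixed(const char *buf)
{
    int ret = 0;
    inode_lock();
    if (parse_args(buf) < 0) {
        ret = -EINVAL;
        goto out;
    }
    /* ... apply the parsed address preferences here ... */
out:
    inode_unlock();       /* every return path releases the lock */
    return ret;
}

/* Review check: true if write_fn returned while still holding the lock. */
bool lock_leaked_after(int (*write_fn)(const char *), const char *buf)
{
    inode_lock_held = false;
    write_fn(buf);
    return inode_lock_held;
}
```

Running the check with an empty (malformed) input shows the vulnerable version leaking the lock and the fixed version releasing it while still reporting the same error.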

Impact

Exploitation of this vulnerability could lead to a deadlock, where a process returns to user space still holding the inode lock and never releases it, so later operations that need that lock block indefinitely; this can cause system instability or resource contention.

Reproduction

The vulnerability can be reproduced with the Syzkaller fuzzer, which can drive the AFS address preference write function down the failing argument-parsing path. The kernel then returns to user space while still holding the inode lock, which is the lock management issue described above.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.