Linux Kernel NTFS3 Filesystem Deadlock Vulnerability Reversion

Vulnerability

A deadlock vulnerability in the Linux kernel's NTFS3 filesystem has been addressed by reverting a previous change that replaced conditional lock acquisition with a standard lock. This issue, reported by syzbot, was resolved by reintroducing conditional locking, which had been removed to address an xfstest bug. The deadlock no longer occurs in kernel version 6.16-rc1, suggesting that changes in other modules may have played a role. The vulnerability affects the Linux kernel stable tree.

Impact

The reversion of the locking mechanism in the NTFS3 filesystem could lead to improved concurrency and reduced risk of deadlocks, enhancing overall system stability.

Reproduction

The vulnerability can be reproduced by accessing a file on an NTFS3 filesystem via memory-mapped I/O while the file's initialized size is less than the desired range. In this scenario the kernel attempts to acquire the inode lock; if that acquisition is not conditional, it can block, which triggers the deadlock.
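The difference between conditional and unconditional lock acquisition described above, as a user-space model added here (it is not kernel or NTFS3 code). The holder thread, `map_path`, `run_scenario` and the retry cap are hypothetical; the page does not say what holds the inode lock when the deadlock occurs.

```c
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdio.h>

/* Stand-in for the inode lock (kernel analogues: inode_trylock()/inode_lock()). */
static pthread_mutex_t inode_mtx = PTHREAD_MUTEX_INITIALIZER;
static atomic_int lock_held, path_done;

/* Hypothetical holder: owns the lock and cannot drop it until the mapping
 * path has returned, which is the circular wait behind a deadlock. */
static void *holder(void *arg) {
    (void)arg;
    pthread_mutex_lock(&inode_mtx);
    atomic_store(&lock_held, 1);
    while (!atomic_load(&path_done)) sched_yield();
    pthread_mutex_unlock(&inode_mtx);
    return NULL;
}

/* conditional != 0: try once and back off with -EAGAIN. conditional == 0: keep
 * waiting, capped at max_spins so the model ends (a blocking lock has no cap). */
static int map_path(int conditional, long max_spins) {
    for (long n = 0; pthread_mutex_trylock(&inode_mtx) != 0; n++) {
        if (conditional) return -EAGAIN;
        if (n >= max_spins) return -EDEADLK;
        sched_yield();
    }
    /* ... work on the file range would happen here ... */
    pthread_mutex_unlock(&inode_mtx);
    return 0;
}

/* Run the mapping path while the holder owns the lock; returns its result. */
int run_scenario(int conditional) {
    pthread_t t;
    atomic_store(&lock_held, 0); atomic_store(&path_done, 0);
    if (pthread_create(&t, NULL, holder, NULL) != 0) return -1;
    while (!atomic_load(&lock_held)) sched_yield();
    int rc = map_path(conditional, 100000);
    atomic_store(&path_done, 1);   /* only now can the holder let go */
    pthread_join(t, NULL);
    return rc;
}

int main(void) {
    printf("conditional=%d unconditional=%d\n", run_scenario(1), run_scenario(0));
}
```

In the model the conditional path returns `-EAGAIN` immediately and the holder can then finish, while the unconditional path only ends because of the retry cap.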

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.

Added: Sep 7, 2025, 4:20 PM
Updated: Sep 7, 2025, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.