Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the OCFS2 file system of the Linux kernel, in its FIEMAP ioctl handling. A recursive semaphore lock hangs the file system when a specially crafted mmap file is accessed. The OCFS2 FIEMAP implementation holds a read lock on the inode allocation semaphore while reading the extent list of a running mmap executable. That read can trigger a page fault, and handling the fault means attempting to acquire a write lock on the same semaphore, whose read lock is still held. The write lock can never be granted, so the file system deadlocks and freezes.
Exploitation of this vulnerability leads to a deadlock condition in the OCFS2 file system, causing it to hang and become unresponsive.
The vulnerability can be reproduced by performing a FIEMAP ioctl operation on an OCFS2 file system with a specially crafted mmap file. This operation will trigger a recursive semaphore lock, first acquiring a read lock while accessing the extent list, and then causing a page fault that attempts to acquire a write lock on the same semaphore, leading to a deadlock.
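The lock ordering described above can be modelled in user space. The following is an added example, not kernel code or the upstream fix: every name in it is hypothetical, the semaphore is a pair of counters whose write attempt returns EBUSY where a blocking acquire would hang, and the snapshot-then-release ordering is shown only as one general way to avoid faulting under a held lock.

```c
#include <errno.h>
#include <string.h>

#define NEXT 4  /* constructed extent count */

/* Toy reader/writer semaphore: counters only, try-style so nothing blocks. */
struct rwsem_model { int readers; int writer; };

struct inode_model {
    struct rwsem_model alloc_sem;  /* stands in for the inode allocation semaphore */
    int extents[NEXT];             /* stands in for the extent list */
};

static void read_lock(struct rwsem_model *s)   { s->readers++; }
static void read_unlock(struct rwsem_model *s) { s->readers--; }

/* Write lock attempt: EBUSY marks where a blocking acquire would hang forever. */
static int write_trylock(struct rwsem_model *s)
{
    if (s->readers || s->writer)
        return EBUSY;
    s->writer = 1;
    return 0;
}
static void write_unlock(struct rwsem_model *s) { s->writer = 0; }

/* Models the access that page-faults; the fault path wants the write lock. */
static int faulting_copy(struct inode_model *ino, int *dst, const int *src)
{
    int rc = write_trylock(&ino->alloc_sem);
    if (rc)
        return rc;
    write_unlock(&ino->alloc_sem);
    memcpy(dst, src, NEXT * sizeof(*src));
    return 0;
}

/* Ordering described above: the faulting access happens under the read lock. */
int fiemap_locked(struct inode_model *ino, int *dst)
{
    read_lock(&ino->alloc_sem);
    int rc = faulting_copy(ino, dst, ino->extents);
    read_unlock(&ino->alloc_sem);
    return rc;
}

/* Alternative ordering: snapshot under the lock, release, then fault freely. */
int fiemap_snapshot(struct inode_model *ino, int *dst)
{
    int snap[NEXT];
    read_lock(&ino->alloc_sem);
    memcpy(snap, ino->extents, sizeof(snap));
    read_unlock(&ino->alloc_sem);
    return faulting_copy(ino, dst, snap);
}
```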
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading can be found in the official Linux kernel documentation.