Linux Kernel Disconnected Dentry Leak Vulnerability in VFS

Vulnerability

A vulnerability in the Linux kernel's Virtual File System (VFS) can lead to a memory leak of disconnected dentries during the unmount process. This issue arises when the 'open_by_handle_at()' function is called on an uncached inode, creating a disconnected dentry. If this dentry is a directory, it may fail to reconnect properly to the dentry tree, especially in cases of file system corruption or race conditions with renaming. As a result, the dentry remains in memory and can cause the 'Busy inodes after unmount' error if the unmount operation is performed first. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a memory leak of dentry objects, leading to increased memory usage and the potential for hitting the 'Busy inodes after unmount' bug, which can disrupt normal file system operations.
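To check whether a host has already hit this symptom, the following added example (not part of the original advisory or of the kernel project) scans kernel log text for the 'Busy inodes after unmount' message and counts occurrences per device. The function names and the sample log lines are constructed for illustration; the wording around the message differs between kernel versions, so the match keys only on the phrase itself.

```shell
#!/bin/sh
# Added example: detect the "Busy inodes after unmount" symptom in kernel logs.
# busy_inode_devices and sample_log are hypothetical helper names.

# Reads kernel log lines on stdin; prints "<count> <device>" per affected
# device, sorted by device name. Prints nothing when the message is absent.
busy_inode_devices() {
    awk '
        {
            key = "Busy inodes after unmount of "
            i = index($0, key)
            if (i == 0) next
            rest = substr($0, i + length(key))
            split(rest, f, " ")
            dev = f[1]
            sub(/\.$/, "", dev)   # some kernels end the device name with "."
            if (dev != "") hits[dev]++
        }
        END { for (d in hits) printf "%d %s\n", hits[d], d }
    ' | sort -k2
}

# Constructed sample lines, not captured from a real system.
sample_log() {
    cat <<'EOF'
[ 1021.334455] EXT4-fs (sdb1): unmounting filesystem.
[ 1021.340012] VFS: Busy inodes after unmount of sdb1. Self-destruct in 5 seconds.  Have a nice day...
[ 2200.100000] XFS (dm-3): Unmounting Filesystem
[ 2200.150000] VFS: Busy inodes after unmount of dm-3 (xfs)
[ 3300.000001] VFS: Busy inodes after unmount of sdb1 (ext4)
[ 3400.000000] EXT4-fs (sdc1): mounted filesystem with ordered data mode.
EOF
}

# Stand-alone run over the sample; on a live host pipe in the kernel log
# instead, e.g.  dmesg | busy_inode_devices
sample_log | busy_inode_devices
```

A device that appears in the output was unmounted while inodes were still pinned, which is the condition this advisory describes; other bugs can produce the same message, so treat a hit as a reason to check the running kernel version rather than as proof of this specific flaw.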

Reproduction

The vulnerability can be reproduced by calling 'open_by_handle_at()' on an uncached inode that is not properly connected to the dentry tree. This can be done by creating a scenario where the file system is corrupted or by introducing a race condition with a rename operation. Once the disconnected dentry is created, it can remain unmarked and never be reclaimed, which produces the memory leak.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest version can be found on the official Linux kernel website.

Added: Oct 30, 2025, 10:22 AM
Updated: Oct 30, 2025, 3:21 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.