Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's JFS (Journaled File System) transaction manager has been identified, where the initialization of the waitqueue for transaction block 0 was not properly handled. This issue can lead to a system crash when the function txEnd(0) is called on read-only filesystems. The problem arises because, on read-only filesystems, the function txBegin() returns a transaction ID of 0, indicating that no transaction is active. However, txEnd(0) is still invoked, attempting to access the waitqueue for transaction block 0. Since the initialization process for the transaction blocks started at index 1 instead of 0, the waitqueue for block 0 was never initialized. This oversight triggers a lockdep warning about a non-static key and results in a system crash.
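The off-by-one described above, as an added userspace model in C; it is not kernel code and not the patch itself. Apart from txBegin and txEnd, every name here is hypothetical, the magic-value check stands in for the lockdep warning and crash, and modelling the fix as "start the loop at 0" is an assumption drawn from the description.

```c
#include <stdio.h>
#include <string.h>

#define NTXBLOCK 8            /* constructed table size */
#define WQ_MAGIC 0x57415154u  /* marks a waitqueue that went through init */

struct waitq  { unsigned magic; };
struct tblock { struct waitq waitor; };

static struct tblock TxBlock[NTXBLOCK];  /* hypothetical stand-in for the block table */

static void waitq_init(struct waitq *wq) { wq->magic = WQ_MAGIC; }

/* Models transaction manager setup; `first` is the index the init loop starts at. */
static void tx_init(int first)
{
    memset(TxBlock, 0, sizeof(TxBlock));
    for (int k = first; k < NTXBLOCK; k++)
        waitq_init(&TxBlock[k].waitor);
}

/* On a read-only filesystem txBegin() hands back tid 0: no transaction is active.
 * The read-write branch is simplified to a fixed tid for this model. */
static int txBegin(int read_only)
{
    return read_only ? 0 : 1;
}

/* txEnd() touches the block's waitqueue even for tid 0.
 * Returns 0 on success, -1 where the kernel would warn and crash. */
static int txEnd(int tid)
{
    struct tblock *tblk = &TxBlock[tid];
    if (tblk->waitor.magic != WQ_MAGIC)
        return -1;  /* use of a never-initialized waitqueue */
    return 0;
}

/* Runs the read-only path against a table initialized from index `first`. */
static int readonly_path(int first)
{
    tx_init(first);
    return txEnd(txBegin(1));
}

int main(void)
{
    printf("init from 1 (before fix): %d\n", readonly_path(1));
    printf("init from 0 (after fix):  %d\n", readonly_path(0));
    return 0;
}
```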
The vulnerability causes a system crash and a lockdep warning about a non-static key, indicating a problem with the kernel's locking mechanism.
To reproduce this vulnerability, mount a filesystem as read-only and then call the txEnd(0) function. This will trigger the crash because the transaction manager did not properly initialize the waitqueue for transaction block 0.
Users can apply the available patch to fix this vulnerability. The patch is included in the official Linux kernel repository.