Linux Kernel NTFS3 Inode Run Lock Initialization Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's NTFS3 file system handling: the run lock (run_lock) of the $Extend inode is not initialized when that inode is loaded. When the inode mode of the $Extend attribute is set to a regular file, the truncate system call enters the do_truncate() routine, and the uninitialized run_lock error reported by syzbot follows. The issue arises because, prior to a certain patch, the do_truncate() routine was not entered unless the $Extend inode mode was already set to a regular file. The vulnerability has been addressed by adding the necessary run_lock initialization when loading the $Extend inode.

Impact

Exploitation of this vulnerability leads to the registration of a non-static key, which can cause various locking issues within the kernel, as indicated by the syzbot report.

Reproduction

To reproduce this vulnerability, set the inode mode of the $Extend attribute to a regular file. Then, execute the truncate system call, which will enter the do_truncate() routine. This will trigger the uninitialized run_lock error.
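For triage, the symptom described above can be searched for in kernel logs. The following is an added example, not code from this page, the kernel patch or the syzbot report: it pulls lockdep "trying to register non-static key" reports out of a log and flags those whose call trace passes through both do_truncate() and an ntfs3 frame. The sample log is constructed, and the frame names, offsets and the `example_drv` module in it are assumptions.

```python
import re

# Constructed dmesg excerpt (not the syzbot report); frame names and offsets are assumed.
SAMPLE_LOG = """\
[  101.200002] INFO: trying to register non-static key.
[  101.200004] Call Trace:
[  101.200005]  <TASK>
[  101.200006]  register_lock_class+0x1a2/0x9c0
[  101.200007]  down_write+0x96/0x1f0
[  101.200008]  ntfs_truncate+0x1c4/0x4b0 [ntfs3]
[  101.200009]  do_truncate+0x14e/0x220
[  101.200010]  </TASK>
[  205.000001] INFO: trying to register non-static key.
[  205.000002] Call Trace:
[  205.000003]  <TASK>
[  205.000004]  register_lock_class+0x1a2/0x9c0
[  205.000005]  example_drv_open+0x40/0x90 [example_drv]
[  205.000006]  </TASK>
"""

MARKER = "INFO: trying to register non-static key"  # lockdep's uninitialized-lock report
TS = re.compile(r"^\[\s*(\d+\.\d+)\]\s?")            # printk timestamp prefix
FRAME = re.compile(r"^\s*\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

def find_splats(log):
    """Return one dict per lockdep report: its timestamp and (symbol, module) frames."""
    splats, cur = [], None
    for raw in log.splitlines():
        m = TS.match(raw)
        stamp, line = (m.group(1), raw[m.end():]) if m else (None, raw)
        if MARKER in line:
            cur = {"time": stamp, "frames": []}
            splats.append(cur)
        elif cur is not None:
            f = FRAME.match(line)
            if f:
                cur["frames"].append((f.group(1), f.group(2)))
            elif "</TASK>" in line:
                cur = None  # end of this call trace
    return splats

def matches_ntfs3_truncate(splat):
    """Heuristic (assumption): trace contains do_truncate and an ntfs3 frame."""
    frames = splat["frames"]
    in_ntfs3 = any(mod == "ntfs3" or sym.startswith("ntfs") for sym, mod in frames)
    return in_ntfs3 and any(sym == "do_truncate" for sym, _ in frames)

def triage(log):
    return [s["time"] for s in find_splats(log) if matches_ntfs3_truncate(s)]
```

The report line only appears on kernels built with lockdep enabled, so a clean log from a production kernel does not show that the fix is present.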

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 24, 2025, 12:07 PM
Updated: Dec 24, 2025, 12:07 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.