Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's F2FS (Flash-Friendly File System) implementation, specifically in versions prior to the latest patch. The issue arises when F2FS mounts filesystems with corrupted directory depth values, which are incorrectly clamped to the maximum directory hash depth. During RENAME_WHITEOUT operations on these corrupted directories, the F2FS rename function updates directory entries on disk before successfully adding the whiteout entry. If the addition of the whiteout entry fails due to the directory corruption, the error is returned to the Virtual File System (VFS), but the initial directory changes have already been written to disk. This leaves the VFS with stale cache entries that no longer reflect the actual state of the filesystem, causing subsequent operations to reference freed inodes and potentially leading to warnings about invalid link counts.
This vulnerability can cause the VFS to use cached dentry information that no longer matches the on-disk state, leading to incorrect references to freed inodes. When a subsequent rename operation targets the same entry, it can trigger a warning about an already zeroed link count on the stale inode, indicating a potential inconsistency in inode management.
To reproduce this vulnerability, mount an F2FS image with a corrupted directory depth. Then, perform a rename operation using the RENAME_WHITEOUT flag to create a whiteout entry. After that, attempt to rename another file to the same target name without the whiteout flag. The system will trigger a warning about the link count on the stale inode, demonstrating the cache inconsistency caused by the vulnerability.
The vulnerability has been addressed by modifying the F2FS rename function to invalidate the dentry cache entries when the addition of a whiteout link fails. Users should update to the latest version of the Linux kernel where this patch is applied.
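The ordering problem and the fix described above can be seen in a small user-space model. This is an added example, not F2FS or kernel code: every name in it (`rename_over`, `run_scenario`, the structs) is hypothetical, and it assumes one directory slot with one cached entry.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy user-space model (not kernel code): one directory slot "dst" and its cached dentry. */
struct inode  { int nlink; };
struct dentry { struct inode *inode; bool valid; };  /* VFS cache view of "dst" */
struct dir    { struct inode *dst; bool corrupt; };  /* on-disk view of "dst" */

static int warnings;  /* times a link count was dropped while already zero */

static void drop_link(struct inode *i)
{
    if (i->nlink == 0) { warnings++; return; }  /* stands in for the kernel warning */
    i->nlink--;
}

/* Rename src over "dst". The target is resolved through the cache when it is valid. */
static int rename_over(struct dir *d, struct dentry *c, struct inode *src,
                       bool whiteout, bool invalidate_on_error)
{
    struct inode *old = c->valid ? c->inode : d->dst;
    if (old) drop_link(old);
    d->dst = src;                       /* directory entry changed on disk first */
    if (whiteout && d->corrupt) {       /* adding the whiteout entry fails */
        if (invalidate_on_error)
            c->valid = false;           /* the fix: drop the now-stale cache entry */
        return -1;                      /* caller keeps its cache as it was */
    }
    c->inode = src; c->valid = true;    /* success: cache follows the disk */
    return 0;
}

/* Failed whiteout rename, then a plain rename onto the same name; returns warning count. */
int run_scenario(bool fixed)
{
    struct inode a = { 1 }, b = { 1 }, c2 = { 1 };
    struct dir d = { &a, true };            /* corrupted directory, "dst" -> a */
    struct dentry cache = { &a, true };
    warnings = 0;
    rename_over(&d, &cache, &b, true, fixed);    /* fails after the on-disk update */
    rename_over(&d, &cache, &c2, false, fixed);  /* second rename, no whiteout */
    return warnings;
}

int main(void)
{
    printf("unfixed: %d, fixed: %d\n", run_scenario(false), run_scenario(true));
    return 0;
}
```

Without invalidation, the second rename resolves the target through the stale cache entry and drops a link count that is already zero; with invalidation, it falls back to the on-disk entry.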