Linux Kernel JBD2 Deadlock Vulnerability in Journal Revoke Cancellation

A deadlock vulnerability has been identified in the Linux kernel's JBD2 (Journaling Block Device) component, specifically within the journal revoke cancellation process. This issue arises from a change in how block references are managed, leading to a deadlock scenario when certain filesystem conditions are met. The vulnerability occurs in Linux kernel versions prior to the latest patch, affecting filesystems where the block size is smaller than the page size.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, causing the system to hang indefinitely. This has been observed in certain test scenarios, such as the generic/013 test case, which can get stuck due to this issue.

Reproduction

The vulnerability can be reproduced by creating a situation where the filesystem block size is less than the page size. This can be done by using the ext4 filesystem with specific block size settings. Once the conditions are set, initiating directory creation and file appending operations can trigger the deadlock, as the JBD2 journal revoke cancellation process gets caught in a lock ordering conflict.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability. The patch is included in the commit referenced by the CVE ID.