The Linux kernel, which serves as the foundation for most Linux-based operating systems, has recently addressed an important vulnerability. The security issue, referenced as CVE-2024-27389, involves the pstore filesystem and is triggered by unloading a modular pstore backend while records are present in pstorefs.

This vulnerability can cause problems in the kernel by triggering a dput() double-drop warning as shown below:

WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

Previously, the Linux kernel code used the combination of d_drop() and dput() suggested in Documentation/filesystems/vfs.rst. That approach is not appropriate here: it leads to reference counting problems, which produce the warning above.

To resolve this issue, developers have opted to use the d_invalidate() function instead. Furthermore, the updated code will no longer check for error codes that cannot happen, making it more efficient and secure.

Below is a snippet of the new code that properly addresses this issue:

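static int pstore_inode_unlink(struct dentry *dentry)
{
       struct inode *inode = d_inode(dentry);

       /* Nothing to unlink if the dentry has no inode attached. */
       if (!inode)
               return -ENOENT;

       if (d_really_is_positive(dentry)) {
               /* Mark the inode dead, then invalidate the dentry
                * instead of using the d_drop()/dput() pair. */
               inode->i_flags |= S_DEAD;
               d_invalidate(dentry);
               if (d_really_is_positive(dentry)) {
                       pstore_remove_file(inode);
                       pstore_erase(inode);
               }
       }

       return 0;
}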

Developers and users of Linux-based systems are encouraged to implement this fix to ensure that their systems are not vulnerable to potential threats exploiting CVE-2024-27389.

Linux kernel source code

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=339aca4f94460df29a59fea087b99dfa02d335f8

VFS documentation in the Linux kernel

https://www.kernel.org/doc/html/latest/filesystems/vfs.html

This security update is crucial to maintain consistency and prevent possible errors from occurring in the Linux kernel due to incorrect reference counting. The transition from using d_drop()/dput() to d_invalidate() is a key step in ensuring the robustness and reliability of Linux systems, as well as keeping the environment secure against potential exploits targeting this vulnerability.

Make sure to update your Linux kernel to the latest version that includes the fix for CVE-2024-27389 or manually apply the updated code to stay protected against any potential threats targeting this vulnerability.
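To check whether a system has already hit the dput() warning quoted earlier, kernel logs can be scanned for its signature. The following is an added example, not code from the kernel project or the original page; the function names and the sample log lines are constructed for illustration.

```python
import re

# Header line of a kernel WARN splat. search() is used so a dmesg timestamp
# or a syslog/journald prefix in front of "WARNING:" does not matter.
WARN_RE = re.compile(
    r"WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at "
    r"(?P<file>\S+):(?P<line>\d+) "
    r"(?P<symbol>[\w.]+)\+0x(?P<offset>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)"
)
# Compilers append suffixes such as .part.0, .isra.0, .constprop.0 or .cold
# to split or specialised functions; strip them to get the source-level name.
SUFFIX_RE = re.compile(r"\.(?:part|isra|constprop|cold)(?:\.\d+)?")


def parse_warning(line):
    """Return the fields of a WARN header line as a dict, or None."""
    m = WARN_RE.search(line)
    if not m:
        return None
    return {
        "cpu": int(m["cpu"]),
        "pid": int(m["pid"]),
        "file": m["file"],
        "line": int(m["line"]),
        "symbol": m["symbol"],
        "function": SUFFIX_RE.sub("", m["symbol"]),
        "offset": int(m["offset"], 16),
    }


def find_dput_warnings(log_text):
    """Return every WARN header raised from dput() in fs/dcache.c."""
    # The source line number and the compiler suffix differ between kernel
    # builds, so match on file and base function name only.
    hits = []
    for line in log_text.splitlines():
        w = parse_warning(line)
        if w and w["file"] == "fs/dcache.c" and w["function"] == "dput":
            hits.append(w)
    return hits


# Constructed sample log; only the WARNING line format follows the page.
SAMPLE_LOG = """\
[  812.004311] example: constructed line preceding the splat
[  812.004977] WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410
[  812.005120] WARNING: CPU: 1 PID: 77 at kernel/example.c:100 example_fn+0x10/0x20
kernel: WARNING: CPU: 3 PID: 41 at fs/dcache.c:800 dput+0x1a/0x40
"""
```

A hit only shows that a dput() warning fired; confirm it coincides with a pstore backend module being unloaded before attributing it to CVE-2024-27389.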

Timeline

Published on: 05/01/2024 13:15:51 UTC
Last modified on: 12/19/2024 08:54:03 UTC