A vulnerability has been identified and resolved in the Linux kernel, in the netfs/fscache subsystem. The vulnerability stemmed from a missing memory barrier between a bit-clearing operation and a wake-up operation in the fscache_create_volume() function. Because the wake-up could be issued before the cleared bit was visible to the waiter, a waiting task could sleep indefinitely in certain situations. In this post, we will dive into the details of the vulnerability, its potential impact, and the fix implemented to address it.
Exploit Details
This issue could be triggered as follows, involving two cookies named cookie1 and cookie2, as well as a volume work item, all sharing the same volume. The process execution flow is as follows (one column per context, time running downwards):
[cookie1]                   [cookie2]                   [volume_work]
fscache_perform_lookup
  fscache_create_volume
                            fscache_perform_lookup
                              fscache_create_volume
                                                        fscache_create_volume_work
                                                          cachefiles_acquire_volume
                                                          clear_and_wake_up_bit
    test_and_set_bit
                                test_and_set_bit
    goto maybe_wait
                                goto no_wait
In the above scenario, when cookie1 enters the no_wait path, it clears the FSCACHE_VOLUME_CREATING bit and wakes up the waiting process. However, if a memory barrier is missing between these two operations, the wake-up may be processed before the cleared bit is visible, and cookie2 might remain indefinitely in the wait path.
It's worth noting that in commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), memory barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed.
Resolution
To fix this issue, the developers replaced the separate clear and wake calls in fscache_create_volume() with the clear_and_wake_up_bit() helper, which issues the required memory barrier between clearing the bit and waking the waiters. This ensures that the correct memory order is maintained and the waiting process is woken up as intended.
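To make the ordering concrete, here is a userspace model of the two paths, written as an added example for this post and not taken from the kernel: the waiter mirrors the maybe_wait path (wait_on_bit), the waker mirrors the fixed no_wait path (clear_and_wake_up_bit), and the fence in the waker is the one the original code omitted. The *_model functions, run_volume_race() and the condvar-based wait queue are assumptions of the model, not kernel APIs.

```c
/* Userspace model (added example, not kernel code) of the fscache wait/wake
 * pattern on FSCACHE_VOLUME_CREATING, with the barrier the fix restores. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>

#define FSCACHE_VOLUME_CREATING 0       /* bit index, as in fscache */

static atomic_ulong volume_flags;       /* models volume->flags */
static atomic_int   waiters;            /* models waitqueue_active() */
static pthread_mutex_t wq_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t  wq      = PTHREAD_COND_INITIALIZER;

/* Waiter (maybe_wait path): publish "I am waiting", full fence, re-check the
 * bit, and only then sleep. Mirrors wait_on_bit()'s prepare-then-test order. */
static void wait_on_bit_model(int bit)
{
    atomic_fetch_add_explicit(&waiters, 1, memory_order_relaxed);
    atomic_thread_fence(memory_order_seq_cst);  /* pairs with the waker's fence */
    pthread_mutex_lock(&wq_lock);
    while (atomic_load_explicit(&volume_flags, memory_order_acquire) & (1UL << bit))
        pthread_cond_wait(&wq, &wq_lock);
    pthread_mutex_unlock(&wq_lock);
    atomic_fetch_sub_explicit(&waiters, 1, memory_order_relaxed);
}

/* Waker (no_wait path) ordered as clear_and_wake_up_bit() orders it: clear the
 * bit, full barrier, then look for waiters. Without the fence the waiter-check
 * load may complete before the clear is visible, so each side sees "nothing to
 * do" and the waiter sleeps forever: the hang described in this post. */
static void clear_and_wake_up_bit_model(int bit)
{
    atomic_fetch_and_explicit(&volume_flags, ~(1UL << bit), memory_order_release);
    atomic_thread_fence(memory_order_seq_cst);  /* smp_mb__after_atomic() */
    if (atomic_load_explicit(&waiters, memory_order_relaxed) > 0) {
        pthread_mutex_lock(&wq_lock);
        pthread_cond_broadcast(&wq);            /* wake_up_bit() */
        pthread_mutex_unlock(&wq_lock);
    }
}

static void *cookie2_thread(void *arg)
{
    wait_on_bit_model(FSCACHE_VOLUME_CREATING);
    *(int *)arg = 1;                            /* woke with the bit clear */
    return NULL;
}

/* cookie1 owns creation (bit set); cookie2 finds it set and waits; cookie1 then
 * clears and wakes. Returns 1 if cookie2 left the wait, 0 otherwise. */
int run_volume_race(void)
{
    int woke = 0;
    pthread_t t;
    atomic_fetch_or(&volume_flags, 1UL << FSCACHE_VOLUME_CREATING); /* test_and_set_bit */
    pthread_create(&t, NULL, cookie2_thread, &woke);
    while (atomic_load(&waiters) == 0)          /* let cookie2 reach the wait */
        sched_yield();
    clear_and_wake_up_bit_model(FSCACHE_VOLUME_CREATING);
    pthread_join(t, NULL);
    return woke;
}
```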
Original References
The original commit that fixed this issue can be found at Linux Kernel Git Commit - Fix Missing Memory Barrier.
Conclusion
The Linux kernel vulnerability (CVE-2024-56755) in netfs/fscache has been resolved by adding a missing memory barrier for FSCACHE_VOLUME_CREATING in the fscache_create_volume() function. Developers and system administrators should ensure they are using a kernel version with this fix applied to avoid the potential impacts of this vulnerability.
Timeline
Published on: 12/29/2024 12:15:09 UTC
Last modified on: 01/06/2025 20:26:39 UTC