CVE-2022-50668

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix deadlock due to mbcache entry corruption

When manipulating xattr blocks, we can deadlock infinitely looping inside ext4xattrblockset() where we constantly keep finding xattr block for reuse in mbcache but we are unable to reuse it because its reference count is too big. This happens because cache entry for the xattr block is marked as reusable (ereusable set) although its reference count is too big. When this inconsistency happens, this inconsistent state is kept indefinitely and so ext4xattrblock_set() keeps retrying indefinitely.

The inconsistent state is caused by non-atomic update of ereusable bit. ereusable is part of a bitfield and ereusable update can race with update of ereferenced bit in the same bitfield resulting in loss of one of the updates. Fix the problem by using atomic bitops instead.

This bug has been around for many years, but it became much easier to hit after commit 65f8b80053a1 ("ext4: fix race when reusing xattr blocks").