CVE-2024-53130

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix null-ptr-deref in blockdirtybuffer tracepoint

When using the "block:blockdirtybuffer" tracepoint, markbufferdirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled.

This happens because, since the tracepoint was added in markbufferdirty(), it references the devt member bh->bbdev->bddev regardless of whether the buffer head has a pointer to a blockdevice structure.

In the current implementation, nilfsgrabbuffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by trytofreebuffers(), and new buffer heads are then attached by createemptybuffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->bbdev, and markbufferdirty() may be called later in that state, resulting in the bug mentioned above.

Fix this issue by making nilfsgrabbuffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer's uptodate flag.