CVE-2024-53131

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53131
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53131.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53131
Published
2024-12-04T14:20:37.455Z
Modified
2025-11-28T02:34:10.963774Z
Summary
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
Details

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints".

This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints.

This patch (of 2):

It has been reported that when using the "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled.

This happens because, since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller.

Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place.

So this solves the issue by eliminating the touch_buffer() call itself.
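A simplified C model of the ordering hazard described above, added here as an illustration; it is not the kernel's code or the fix itself. The struct shapes, find_get_folio(), get_folio_block() and demo() are stand-ins chosen for the model, and the tracepoint is reduced to a flag plus a counter of reads that would have gone through a NULL b_bdev. It shows why removing the touch_buffer() call is sufficient: the lookup helper already marks the folio accessed, so nothing is lost and the tracepoint never sees an unset b_bdev.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the structures involved; not the kernel's code. */
struct block_device { unsigned int bd_dev; };
struct folio { bool accessed; };
struct buffer_head { struct block_device *b_bdev; struct folio *b_folio; };

static bool trace_enabled; /* stands in for block:block_touch_buffer being enabled */
static int null_derefs;    /* reads that would have dereferenced a NULL b_bdev */

/* Model of touch_buffer(): the tracepoint captures bh->b_bdev->bd_dev
 * whether or not b_bdev has been set, then the folio is marked accessed. */
static void touch_buffer(struct buffer_head *bh)
{
    if (trace_enabled && bh->b_bdev == NULL)
        null_derefs++;      /* real kernel: NULL-ptr-deref, or GPF under KASAN */
    bh->b_folio->accessed = true;
}

/* Model of the folio lookup helper: it already marks the folio accessed. */
static struct folio *find_get_folio(struct folio *f) { f->accessed = true; return f; }

/* Caller shape: before the fix, touch_buffer() runs before b_bdev is assigned;
 * the fix removes that call. Returns the NULL-dereference count, or -1 if the
 * folio ended up not marked accessed. */
static int get_folio_block(struct buffer_head *bh, struct folio *f,
                           struct block_device *bdev, bool fixed)
{
    bh->b_bdev = NULL;                 /* not yet known at this point */
    bh->b_folio = find_get_folio(f);
    if (!fixed)
        touch_buffer(bh);              /* the call the fix removes */
    bh->b_bdev = bdev;                 /* assigned only after the touch */
    return f->accessed ? null_derefs : -1;
}

/* One scenario with tracing enabled: returns 1 for the buggy path, 0 for the fixed one. */
static int demo(bool fixed)
{
    struct block_device bdev = { 0x801 };   /* constructed sample device number */
    struct folio f = { false };
    struct buffer_head bh = { NULL, NULL };
    trace_enabled = true;
    null_derefs = 0;
    return get_folio_block(&bh, &f, &bdev, fixed);
}

int main(void) { printf("buggy: %d  fixed: %d\n", demo(false), demo(true)); return 0; }
```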

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53131.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5305cb830834549b9203ad4d009ad5483c5e293f
Fixed
085556bf8c70e2629e02e79268dac3016a08b8bf
Fixed
6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9
Fixed
b017697a517f8779ada4e8ce1c2c75dbf60a2636
Fixed
19c71cdd77973f99a9adc3190130bc3aa7ae5423
Fixed
3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9
Fixed
59b49ca67cca7b007a5afd3de0283c8008157665
Fixed
77e47f89d32c2d72eb33d0becbce7abe14d061f4
Fixed
cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced 3.9.0 / Fixed 4.19.325
Introduced 4.20.0 / Fixed 5.4.287
Introduced 5.5.0 / Fixed 5.10.231
Introduced 5.11.0 / Fixed 5.15.174
Introduced 5.16.0 / Fixed 6.1.119
Introduced 6.2.0 / Fixed 6.6.63
Introduced 6.7.0 / Fixed 6.11.10