CVE-2024-53690

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: prevent use of deleted inode

syzbot reported a WARNING in nilfs_rmdir. [1]

Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfsmkdir for "file0", causing an inode duplication during execution. And this causes an underflow of inlink in rmdir operations.

The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trigger warning in nilfs_rmdir.

Avoid to this issue, check inlink in nilfsiget(), if it is 0, it means that this inode has been deleted, and iput is executed to reclaim it.

[1] WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 dropnlink+0xc4/0x110 fs/inode.c:407 ... Call Trace: <TASK> nilfsrmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfsrmdir+0x3a3/0x510 fs/namei.c:4394 dormdir+0x3b5/0x580 fs/namei.c:4453 __dosysrmdir fs/namei.c:4472 [inline] __sesysrmdir fs/namei.c:4470 [inline] __x64sysrmdir+0x47/0x50 fs/namei.c:4470 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xf3/0x230 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f