CVE-2022-49850

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A semaphore deadlock can occur in the Linux kernel if nilfs get block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time. This happens due to the hierarchical lock acquisition in the order rwsem A -> rwsem B. The deadlock occurs when another task starts updating the superblock, causing it to writelock rwsem B and then try to readlock rwsem A in nilfs count free blocks(). However, there is no need to take rwsem A in nilfs count free blocks() because it only reads a single integer data on a shared struct with nilfs sufile get ncleansegs().

Recommendations As a temporary workaround, consider disabling the nilfs count free blocks() function until a patch is available. To resolve the issue, the nilfs count free blocks() function has been modified to not take the semaphore, thus preventing the deadlock.