CVE-2024-47679
Description
In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between evice_inodes() and find_inode()&iput() Hi, all Recently I noticed a bug[1] in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a inode (ie ino 261) with i_count 1 is called by iput(), and there's a concurrent thread calling generic_shutdown_super(). cpu0: cpu1: iput() // i_count is 1 ->spin_lock(inode) ->dec i_count to 0 ->iput_final() generic_shutdown_super() ->__inode_add_lru() ->evict_inodes() // cause some reason[2] ->if (atomic_read(inode->i_count)) continue; // return before // inode 261 passed the above check // list_lru_add_obj() // and then schedule out ->spin_unlock() // note here: the inode 261 // was still at sb list and hash list, // and I_FREEING|I_WILL_FREE was not been set btrfs_iget() // after some function calls ->find_inode() // found the above inode 261 ->spin_lock(inode) // check I_FREEING|I_WILL_FREE // and passed ->__iget() ->spin_unlock(inode) // schedule back ->spin_lock(inode) // check (I_NEW|I_FREEING|I_WILL_FREE) flags, // passed and set I_FREEING iput() ->spin_unlock(inode) ->spin_lock(inode) ->evict() // dec i_count to 0 ->iput_final() ->spin_unlock() ->evict() Now, we have two threads simultaneously evicting the same inode, which may trigger the BUG(inode->i_state & I_CLEAR) statement both within clear_inode() and iput(). To fix the bug, recheck the inode->i_count after holding i_lock. Because in the most scenarios, the first check is valid, and the overhead of spin_lock() can be reduced. If there is any misunderstanding, please let me know, thanks. [1]: https://lore.kernel.org/linux-btrfs/000000000000eabe1d0619c48986@google.com/ [2]: The reason might be 1. SB_ACTIVE was removed or 2. mapping_shrinkable() return false when I reproduced the bug.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-20518.html
Vendor advisory: alma — https://bugzilla.redhat.com/2383441
Vendor advisory: alma — https://bugzilla.redhat.com/2376076
Vendor advisory: alma — https://bugzilla.redhat.com/2369184
Vendor advisory: alma — https://bugzilla.redhat.com/2363380
Vendor advisory: alma — https://bugzilla.redhat.com/2360215
Vendor advisory: alma — https://bugzilla.redhat.com/2351633
Vendor advisory: alma — https://bugzilla.redhat.com/2351629
Vendor advisory: alma — https://bugzilla.redhat.com/2351625
Vendor advisory: alma — https://bugzilla.redhat.com/2351624
Vendor advisory: alma — https://bugzilla.redhat.com/2351620
Vendor advisory: alma — https://bugzilla.redhat.com/2351618
Vendor advisory: alma — https://bugzilla.redhat.com/2351616
Vendor advisory: alma — https://bugzilla.redhat.com/2351613
Vendor advisory: alma — https://bugzilla.redhat.com/2351612
Vendor advisory: alma — https://bugzilla.redhat.com/2351608
Vendor advisory: alma — https://bugzilla.redhat.com/2351606
Vendor advisory: alma — https://bugzilla.redhat.com/2350726
Vendor advisory: alma — https://bugzilla.redhat.com/2350725
Vendor advisory: alma — https://bugzilla.redhat.com/2350589
Vendor advisory: alma — https://bugzilla.redhat.com/2350585
Vendor advisory: alma — https://bugzilla.redhat.com/2350400
Vendor advisory: alma — https://bugzilla.redhat.com/2350397
Vendor advisory: alma — https://bugzilla.redhat.com/2350396
Vendor advisory: alma — https://bugzilla.redhat.com/2350392
Vendor advisory: alma — https://bugzilla.redhat.com/2350388
Vendor advisory: alma — https://bugzilla.redhat.com/2350386
Vendor advisory: alma — https://bugzilla.redhat.com/2350375
Vendor advisory: alma — https://bugzilla.redhat.com/2350374
Vendor advisory: alma — https://bugzilla.redhat.com/2350367
Vendor advisory: alma — https://bugzilla.redhat.com/2350363
Vendor advisory: alma — https://bugzilla.redhat.com/2348901
Vendor advisory: alma — https://bugzilla.redhat.com/2348654
Vendor advisory: alma — https://bugzilla.redhat.com/2348650
Vendor advisory: alma — https://bugzilla.redhat.com/2348645
Vendor advisory: alma — https://bugzilla.redhat.com/2348634
Vendor advisory: alma — https://bugzilla.redhat.com/2348625
Vendor advisory: alma — https://bugzilla.redhat.com/2348620
Vendor advisory: alma — https://bugzilla.redhat.com/2348615
Vendor advisory: alma — https://bugzilla.redhat.com/2348601
Vendor advisory: alma — https://bugzilla.redhat.com/2348600
Vendor advisory: alma — https://bugzilla.redhat.com/2348597
Vendor advisory: alma — https://bugzilla.redhat.com/2348595
Vendor advisory: alma — https://bugzilla.redhat.com/2348587
Vendor advisory: alma — https://bugzilla.redhat.com/2348585
Vendor advisory: alma — https://bugzilla.redhat.com/2348584
Vendor advisory: alma — https://bugzilla.redhat.com/2348581
Vendor advisory: alma — https://bugzilla.redhat.com/2348578
Vendor advisory: alma — https://bugzilla.redhat.com/2348577
Vendor advisory: alma — https://bugzilla.redhat.com/2348574
Vendor advisory: alma — https://bugzilla.redhat.com/2348573
Vendor advisory: alma — https://bugzilla.redhat.com/2348566
Vendor advisory: alma — https://bugzilla.redhat.com/2348556
Vendor advisory: alma — https://bugzilla.redhat.com/2348554
Vendor advisory: alma — https://bugzilla.redhat.com/2348550
Vendor advisory: alma — https://bugzilla.redhat.com/2348547
Vendor advisory: alma — https://bugzilla.redhat.com/2348543
Vendor advisory: alma — https://bugzilla.redhat.com/2348541
Vendor advisory: alma — https://bugzilla.redhat.com/2348528
Vendor advisory: alma — https://bugzilla.redhat.com/2348523
Vendor advisory: alma — https://bugzilla.redhat.com/2348515
Vendor advisory: alma — https://bugzilla.redhat.com/2348279
Vendor advisory: alma — https://bugzilla.redhat.com/2348240
Vendor advisory: alma — https://bugzilla.redhat.com/2348238
Vendor advisory: alma — https://bugzilla.redhat.com/2348071
Vendor advisory: alma — https://bugzilla.redhat.com/2348022
Vendor advisory: alma — https://bugzilla.redhat.com/2347968
Vendor advisory: alma — https://bugzilla.redhat.com/2347919
Vendor advisory: alma — https://bugzilla.redhat.com/2347859
Vendor advisory: alma — https://bugzilla.redhat.com/2347807
Vendor advisory: alma — https://bugzilla.redhat.com/2347781
Vendor advisory: alma — https://bugzilla.redhat.com/2347759
Vendor advisory: alma — https://bugzilla.redhat.com/2347753
Vendor advisory: alma — https://bugzilla.redhat.com/2347707
Vendor advisory: alma — https://bugzilla.redhat.com/2346272
Vendor advisory: alma — https://bugzilla.redhat.com/2345240
Vendor advisory: alma — https://bugzilla.redhat.com/2344687
Vendor advisory: alma — https://bugzilla.redhat.com/2344684
Vendor advisory: alma — https://bugzilla.redhat.com/2343175
Vendor advisory: alma — https://bugzilla.redhat.com/2343172
Vendor advisory: alma — https://bugzilla.redhat.com/2338832
Vendor advisory: alma — https://bugzilla.redhat.com/2338828
Vendor advisory: alma — https://bugzilla.redhat.com/2338814
Vendor advisory: alma — https://bugzilla.redhat.com/2337124
Vendor advisory: alma — https://bugzilla.redhat.com/2337121
Vendor advisory: alma — https://bugzilla.redhat.com/2336541
Vendor advisory: alma — https://bugzilla.redhat.com/2334829
Vendor advisory: alma — https://bugzilla.redhat.com/2334795
Vendor advisory: alma — https://bugzilla.redhat.com/2334676
Vendor advisory: alma — https://bugzilla.redhat.com/2334560
Vendor advisory: alma — https://bugzilla.redhat.com/2334548
Vendor advisory: alma — https://bugzilla.redhat.com/2334547
Vendor advisory: alma — https://bugzilla.redhat.com/2334537
Vendor advisory: alma — https://bugzilla.redhat.com/2334439
Vendor advisory: alma — https://bugzilla.redhat.com/2334415
Vendor advisory: alma — https://bugzilla.redhat.com/2334396
Vendor advisory: alma — https://bugzilla.redhat.com/2334357
Vendor advisory: alma — https://bugzilla.redhat.com/2331326
Vendor advisory: alma — https://bugzilla.redhat.com/2330341
Vendor advisory: alma — https://bugzilla.redhat.com/2329918
Vendor advisory: alma — https://bugzilla.redhat.com/2327887
Vendor advisory: alma — https://bugzilla.redhat.com/2327374
Vendor advisory: alma — https://bugzilla.redhat.com/2327203
Vendor advisory: alma — https://bugzilla.redhat.com/2324549
Vendor advisory: alma — https://bugzilla.redhat.com/2320722
Vendor advisory: alma — https://bugzilla.redhat.com/2320616
Vendor advisory: alma — https://bugzilla.redhat.com/2320455
Vendor advisory: alma — https://bugzilla.redhat.com/2320259
Vendor advisory: alma — https://bugzilla.redhat.com/2320172
Vendor advisory: alma — https://bugzilla.redhat.com/2313092
Vendor advisory: alma — https://bugzilla.redhat.com/2312077
Vendor advisory: alma — https://bugzilla.redhat.com/2298169
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-47679
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:20518
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-47679.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:20518
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 6.1.115-1 |
| debian | bullseye | fixed | 5.10.234-1 |
| debian | forky | fixed | 6.11.2-1 |
| debian | sid | fixed | 6.11.2-1 |
| debian | trixie | fixed | 6.11.2-1 |
| almalinux | 9 | fixed | kernel-doc-5.14.0-611.5.1.el9_7.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2025:20518
- https://www.suse.com/security/cve/CVE-2024-47679.html
- https://errata.rockylinux.org/RLSA-2025:20518
- https://security-tracker.debian.org/tracker/CVE-2024-47679
- https://bugzilla.redhat.com/2298169
- https://bugzilla.redhat.com/2312077
- https://bugzilla.redhat.com/2313092
- https://bugzilla.redhat.com/2320172
- https://bugzilla.redhat.com/2320259
- https://bugzilla.redhat.com/2320455
- https://bugzilla.redhat.com/2320616
- https://bugzilla.redhat.com/2320722
- https://bugzilla.redhat.com/2324549
- https://bugzilla.redhat.com/2327203
- https://bugzilla.redhat.com/2327374
- https://bugzilla.redhat.com/2327887
- https://bugzilla.redhat.com/2329918
- https://bugzilla.redhat.com/2330341
- https://bugzilla.redhat.com/2331326
- https://bugzilla.redhat.com/2334357
- https://bugzilla.redhat.com/2334396
- https://bugzilla.redhat.com/2334415
- https://bugzilla.redhat.com/2334439
- https://bugzilla.redhat.com/2334537
- https://bugzilla.redhat.com/2334547
Verify integrity in audit chain (admin only). AS-IS.