Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's ext4 file system has been addressed, concerning the initialization of the bootloader inode. When the EXT4_IOC_SWAP_BOOT ioctl is applied to a bootloader inode that has never been used, it initializes that inode and correctly sets the inode size (i_size) to zero. However, if the bootloader inode has a non-zero size, i_size no longer matches i_disksize, and the mismatch can trigger a kernel warning. The root cause is that the two size attributes are not kept in sync during initialization.
The vulnerability can cause a kernel warning due to the inconsistency between the inode size and the disk size, which may lead to confusion or mismanagement of file system operations.
To reproduce this vulnerability, first create a corrupted ext4 image and mount it. This can be done by using the 'mke2fs' command to create the image, then using 'debugfs' to write a non-zero size to the bootloader inode. After mounting the image, create a file. The vulnerability can then be triggered by opening the file with direct I/O, swapping the boot inode, and writing to the file, which exposes the inconsistency between i_size and i_disksize.
The vulnerability can be remediated by ensuring that both the i_disksize and i_size are set to zero when the bootloader inode is initialized.
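An added example (not from the original advisory or the kernel source): an offline check that reads the bootloader inode's i_size directly from a raw image, so an image in the corrupted state described above can be spotted without mounting it. The helper names and the sample image builder are constructed for illustration; the code assumes a raw ext4 image with the bootloader inode at inode number 5 in block group 0.

```python
import struct

EXT4_MAGIC = 0xEF53
EXT4_BOOT_LOADER_INO = 5     # reserved inode number of the bootloader inode
INCOMPAT_64BIT = 0x80

def _u(fmt, buf, off):
    return struct.unpack_from(fmt, buf, off)[0]

def bootloader_inode_size(img: bytes) -> int:
    """Return the on-disk i_size of the bootloader inode in a raw ext4 image."""
    sb = 1024                                    # superblock byte offset
    if len(img) < sb + 1024 or _u("<H", img, sb + 0x38) != EXT4_MAGIC:
        raise ValueError("no ext2/3/4 superblock found")
    first_data_block = _u("<I", img, sb + 0x14)
    block_size = 1024 << _u("<I", img, sb + 0x18)
    # Revision 0 file systems use fixed 128-byte inodes.
    inode_size = _u("<H", img, sb + 0x58) if _u("<I", img, sb + 0x4C) else 128
    # Group 0's descriptor is the first entry in the block after the superblock.
    gd = (first_data_block + 1) * block_size
    table = _u("<I", img, gd + 0x08)             # bg_inode_table_lo
    if _u("<I", img, sb + 0x60) & INCOMPAT_64BIT and _u("<H", img, sb + 0xFE) > 32:
        table |= _u("<I", img, gd + 0x28) << 32  # bg_inode_table_hi
    ino = table * block_size + (EXT4_BOOT_LOADER_INO - 1) * inode_size
    # i_size is split into a low half at 0x04 and a high half at 0x6C.
    return _u("<I", img, ino + 0x04) | (_u("<I", img, ino + 0x6C) << 32)

def build_sample_image(boot_size: int) -> bytes:
    """Constructed sample: 1 KiB blocks, 256-byte inodes, inode table at block 5."""
    img = bytearray(16 * 1024)
    struct.pack_into("<II", img, 1024 + 0x14, 1, 0)   # first_data_block=1, log_block_size=0
    struct.pack_into("<H", img, 1024 + 0x38, EXT4_MAGIC)
    struct.pack_into("<I", img, 1024 + 0x4C, 1)       # s_rev_level (dynamic inode size)
    struct.pack_into("<H", img, 1024 + 0x58, 256)     # s_inode_size
    struct.pack_into("<I", img, 2048 + 0x08, 5)       # group 0 bg_inode_table_lo
    ino = 5 * 1024 + (EXT4_BOOT_LOADER_INO - 1) * 256
    struct.pack_into("<I", img, ino + 0x04, boot_size & 0xFFFFFFFF)
    struct.pack_into("<I", img, ino + 0x6C, boot_size >> 32)
    return bytes(img)

if __name__ == "__main__":
    for size in (0, 4096):                            # constructed test values
        found = bootloader_inode_size(build_sample_image(size))
        verdict = "ok" if found == 0 else "non-zero, inspect before mounting"
        print(f"bootloader inode i_size={found}: {verdict}")
```

A non-zero result only reports the on-disk size; whether the bootloader inode has been used legitimately still has to be judged from the image's history.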