Linux Kernel Loop Device Block Size Update Vulnerability Under Exclusive Ownership

Vulnerability

A vulnerability in the Linux kernel's loop device management has been addressed. The issue arose when the block size of a loop device was altered while a filesystem was mounted, creating a discrepancy between the block device's block size and the block size recorded in the superblock. This mismatch led to confusion in several kernel functions, particularly __getblk_slow(), which generated a warning due to a buffer size request that did not align with the block device's block size. The vulnerability has been fixed by ensuring that changes to the loop device's block size can only be made when the device is not under exclusive ownership, thereby preventing unexpected modifications that could disrupt filesystem operations.

Impact

The vulnerability could cause warnings and potential instability in the filesystem due to the block size mismatch, as demonstrated by the issue reported by Syzbot.

Reproduction

The vulnerability can be reproduced by changing the block size of a loop device while it is being used by a mounted filesystem. This can be done by first creating a loop device and mounting a filesystem on it, then manually altering the block size without releasing the exclusive ownership from the filesystem. The resulting mismatch will trigger a warning in the kernel's buffer management, indicating that the requested buffer size does not match the block device's current block size.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.
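For hosts that cannot be updated immediately, the mismatch described above can be audited from userspace. The following is an added example, not code from the kernel project or from this advisory: it lists mounted loop devices and flags any whose filesystem block size is not a multiple of the device's logical block size. The function names and the sample mountinfo lines are constructed for illustration, and it assumes that `statvfs().f_bsize` reflects the superblock block size, which holds for ext4 but not for every filesystem.

```python
import os
import re

# Constructed sample of /proc/self/mountinfo lines (not from a real host).
SAMPLE_MOUNTINFO = """\
36 25 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
91 36 7:0 / /mnt/img rw,relatime shared:50 - ext4 /dev/loop0 rw
97 36 7:3 / /mnt/ro ro,nodev shared:60 - ext4 /dev/loop3 ro
"""
LOOP_SOURCE = re.compile(r"^/dev/(loop\d+)$")


def mounted_loops(mountinfo_text):
    """Map loop device name -> mount point for filesystems mounted on loop devices."""
    found = {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if "-" not in fields:
            continue
        sep = fields.index("-")  # optional fields end at the lone "-"
        if sep < 6 or len(fields) < sep + 3:
            continue
        match = LOOP_SOURCE.match(fields[sep + 2])  # mount source
        if match:
            found.setdefault(match.group(1), fields[4])  # mount point
    return found


def logical_block_size(name, sysfs_root="/sys/block"):
    """Read the device's logical block size from sysfs, or None if unreadable."""
    path = os.path.join(sysfs_root, name, "queue", "logical_block_size")
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def audit(mountinfo_text, sysfs_root="/sys/block", fs_block_size=None):
    """Return rows of (device, mount point, device bs, fs bs, mismatch)."""
    # Assumption: f_bsize approximates the block size recorded in the superblock.
    fs_block_size = fs_block_size or (lambda path: os.statvfs(path).f_bsize)
    rows = []
    for name, mount_point in sorted(mounted_loops(mountinfo_text).items()):
        dev_bs = logical_block_size(name, sysfs_root)
        fs_bs = fs_block_size(mount_point)
        mismatch = dev_bs is not None and fs_bs % dev_bs != 0
        rows.append((name, mount_point, dev_bs, fs_bs, mismatch))
    return rows
```

On a live system, pass the contents of `/proc/self/mountinfo` to `audit()`; a row with the mismatch flag set identifies a mounted loop device whose block size no longer lines up with its filesystem.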

Added: Sep 4, 2025, 4:31 PM
Updated: Sep 4, 2025, 4:31 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.