Linux Kernel dm-crypt Zoned Target Write BIO Handling Vulnerability

A vulnerability exists in the Linux kernel's dm-crypt module when handling write operations for zoned targets. The issue arises because write BIOs can be split into smaller segments based on internal limits, which is intended to optimize processing by allowing parallel execution on different CPUs. However, for zoned dm-crypt targets, this splitting disrupts the sequential order of write operations to the underlying devices, leading to potential data corruption. The vulnerability specifically affects Linux kernel versions prior to the latest patch, where the dm-crypt module's maximum write size can cause zone append operations to be processed incorrectly, resulting in file system data corruption on filesystems like XFS or Btrfs.

Impact

The vulnerability can cause data corruption on file systems that use zone append operations, such as XFS or Btrfs, by incorrectly processing write operations through the dm-crypt module.

Reproduction

To reproduce this vulnerability, create a zoned dm-crypt target and set the maximum write size to a value that exceeds the default 128 KB limit. Then, perform zone append operations that exceed the maximum write size, which will cause the BIOs to be split and processed as regular write operations. This splitting will lead to an incorrect BIO sector being reported, causing data corruption on the file system.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for updating the kernel can be found in the distribution's documentation.