Linux Kernel Orphan File Size Limit Vulnerability in ext4 File System

A vulnerability in the ext4 file system of the Linux kernel allows orphan files to grow excessively large. This issue arises because the orphan replay process must traverse the entire file, pinning all its buffers in memory. As a result, filesystems with unusually large orphan files can consume significant amounts of memory. The vulnerability has been addressed by imposing a reasonable limit on orphan file sizes and by using kvmalloc() to allocate arrays of block descriptor structures, thereby avoiding large order allocations for files that are large but still within a normal range.

Impact

The vulnerability can lead to excessive memory consumption by pinning large orphan file buffers in memory, potentially causing memory exhaustion issues.

Reproduction

The vulnerability can be reproduced by creating an orphan file that exceeds the size limit of 8 megabytes. This can be done by manipulating file operations in a way that generates a large orphan file, such as by using certain file system stress testing tools or by manually creating large files and then unlinking them while keeping the file descriptors open.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.