Linux Kernel ext4 Race Condition Vulnerability in Inline Data Handling

A vulnerability in the Linux kernel's ext4 file system has been addressed, which involved a race condition between the destruction of inline data and block mapping. The issue arose in the function 'ext4_destroy_inline_data_nolock()', which modifies the inode data layout by removing the 'EXT4_INODE_INLINE_DATA' flag and applying the 'EXT4_INODE_EXTENTS' flag. This change created a timing issue, as another thread could concurrently execute 'ext4_map_blocks()', leading to a situation where 'ext4_ind_map_blocks()' received an inode with the 'EXT4_INODE_EXTENTS' flag, causing a kernel assertion failure. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to a kernel panic, with the system crashing due to an unhandled exception caused by the invalid opcode error. This interruption of the kernel's normal operation can result in a denial of service, where the system becomes unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by performing a file operation that triggers the 'ext4_destroy_inline_data_nolock()' function while simultaneously initiating a block mapping operation through 'ext4_map_blocks()'. This can be achieved by writing data to a file with inline data attributes, which will invoke the inline data destruction process. If the timing aligns, the block mapping operation may interfere with the data destruction, leading to the assertion failure and causing a kernel panic.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux documentation.