Linux Kernel iomap Non-Block-Aligned Read Range Adjustment Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's iomap functionality, specifically in how the read range is adjusted for non-block-aligned positions. The issue arises in the buffered I/O implementation, where the function 'iomap_adjust_read_range' incorrectly assumes that the read position and length are aligned to block boundaries. Because each leading up-to-date block is skipped as if it were fully covered, regardless of the offset within that block, too many bytes are skipped and the function returns inaccurate position and length values for the read. In cases where all blocks are up-to-date, this error can underflow the length parameter, resulting in a position that extends beyond the intended range. The vulnerability has been addressed by modifying the calculation to consider the block offset, ensuring that the read range is accurately adjusted for non-block-aligned positions.

Impact

Exploitation of this vulnerability can lead to incorrect read operations, potentially causing data to be misread or skipped entirely, which could disrupt normal file system operations or data integrity.

Reproduction

The vulnerability can be reproduced by using a file system that generates non-block-aligned read requests, such as EROFS. When the 'iomap_adjust_read_range' function is called, it will skip too many bytes for up-to-date blocks, leading to an incorrect read position and length. This can be verified by observing the read operations and noting the discrepancies in the expected versus actual data read from the file system.
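To make the mechanism described in the Vulnerability and Reproduction sections concrete, the following is an added simplified model of the leading-block skip, written for this page and not taken from the kernel: it places the "skip a full block per up-to-date block" arithmetic beside a variant that honours the block offset, and runs both on a constructed unaligned read so the skipped-too-far position and the length underflow become visible.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (constructed, not the kernel's code) of the leading-block
 * skip in iomap_adjust_read_range(): nblocks blocks of block_size bytes in a
 * folio, uptodate[] marks the valid ones, the read wants len bytes at pos. */
struct read_range { int64_t pos; int64_t len; };

/* Buggy form: each leading up-to-date block advances by a full block_size,
 * which is only correct when pos sits on a block boundary. */
static struct read_range adjust_buggy(uint32_t block_size, const bool *uptodate,
                                      unsigned nblocks, int64_t pos, int64_t len)
{
    unsigned first = pos / block_size, last = (pos + len - 1) / block_size;
    for (unsigned i = first; i <= last && i < nblocks && uptodate[i]; i++) {
        pos += block_size;
        len -= block_size;   /* unsigned in the kernel, so it wraps instead */
    }
    return (struct read_range){ pos, len };
}

/* Fixed form: skip only the part of the block the read actually covers,
 * from pos to the block's end (block offset honoured), capped at len. */
static struct read_range adjust_fixed(uint32_t block_size, const bool *uptodate,
                                      unsigned nblocks, int64_t pos, int64_t len)
{
    unsigned first = pos / block_size, last = (pos + len - 1) / block_size;
    for (unsigned i = first; i <= last && i < nblocks && uptodate[i]; i++) {
        int64_t skip = block_size - (pos & (int64_t)(block_size - 1));
        if (skip > len) skip = len;
        pos += skip;
        len -= skip;
    }
    return (struct read_range){ pos, len };
}

/* Constructed scenario: 1024-byte blocks, a 4-block folio, and a 1024-byte
 * read at offset 512, so it straddles blocks 0 and 1 without alignment. */
static const bool ALL_UPTODATE[4] = { true, true, true, true };
static const bool FIRST_ONLY[4]   = { true, false, false, false };

int main(void)
{
    struct read_range b = adjust_buggy(1024, ALL_UPTODATE, 4, 512, 1024);
    struct read_range f = adjust_fixed(1024, ALL_UPTODATE, 4, 512, 1024);
    printf("buggy pos=%lld len=%lld, fixed pos=%lld len=%lld\n",
           (long long)b.pos, (long long)b.len, (long long)f.pos, (long long)f.len);
    return 0;
}
```

With every block up to date the buggy form ends at position 2560 with a length of -1024, past the end of the 1536-byte range; with only block 0 up to date it reports nothing left to read even though block 1 is stale, which is the misread the Impact section describes.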

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Jan 13, 2026, 6:16 PM
Updated: Jan 13, 2026, 6:16 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.