Linux Kernel ext4 Proper Error Handling Vulnerability in Inline Data Processing

A vulnerability in the Linux kernel's ext4 file system has been addressed by replacing the BUG_ON() macro with appropriate error handling in the ext4_read_inline_folio function. The issue arose when inline data size exceeded the PAGE_SIZE, leading to a kernel panic. The new error handling prevents the panic, allows the system to continue running, and properly reports the filesystem corruption. The ext4_error_inode function logs the error, the buffer head is released to avoid a memory leak, and the -EFSCORRUPTED code is returned to indicate the corruption.

Impact

The vulnerability could cause a kernel panic, disrupting system operations. However, the introduced error handling prevents this panic, allowing the system to continue running while properly reporting the filesystem corruption.

Reproduction

The vulnerability can be reproduced by creating a scenario where the inline data size in an ext4 filesystem exceeds the PAGE_SIZE. This can be done by manipulating file attributes or using specific file operations that trigger the inline data feature of ext4, while ensuring the data size surpasses the page size limit. Once this condition is met, the original implementation with BUG_ON() will cause a kernel panic, demonstrating the vulnerability.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.