Linux Kernel EROFS File I/O Short Read Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's EROFS (Enhanced Read-Only File System) module affects file-backed mounts. The issue is in I/O request handling: a request can be interrupted by SIGKILL, and the unused folios in the resulting short-read bio (block I/O request) are then incorrectly marked as up-to-date. The fix makes a short-read bio indicate an error instead.
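
The failure mode and the fix described above, modeled in userspace C. This is an added illustration, not EROFS kernel code; struct model_bio, the function names, the folio count and the error value are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define FOLIO_SIZE 4096L
#define NR_FOLIOS  4
#define MODEL_EIO  (-5)   /* assumed error value for this model */

/* Hypothetical model of one read request spanning several folios. */
struct model_bio {
    bool uptodate[NR_FOLIOS];  /* per-folio "contents are valid" flag */
    int  status;               /* 0 = success, negative = error */
};

/* Completion: folios are marked up-to-date only if the request succeeded. */
static void model_end_io(struct model_bio *bio)
{
    for (int i = 0; i < NR_FOLIOS; i++)
        bio->uptodate[i] = (bio->status == 0);
}

/* Count folios flagged valid although the read never filled them completely. */
static int stale_folios(const struct model_bio *bio, long ret)
{
    int stale = 0;
    for (long i = ret > 0 ? ret / FOLIO_SIZE : 0; i < NR_FOLIOS; i++)
        stale += bio->uptodate[i];
    return stale;
}

/* ret = bytes the backing file returned; fixed selects the behaviour. */
static int complete_read(long ret, bool fixed)
{
    struct model_bio bio = { .status = 0 };
    if (ret < 0)
        bio.status = (int)ret;
    else if (fixed && ret != FOLIO_SIZE * NR_FOLIOS)
        bio.status = MODEL_EIO;        /* short read now reports an error */
    model_end_io(&bio);
    return stale_folios(&bio, ret);
}

int main(void)
{
    long short_ret = FOLIO_SIZE + 100; /* constructed: read cut off in folio 1 */
    printf("before fix: %d stale folios\n", complete_read(short_ret, false));
    printf("after fix:  %d stale folios\n", complete_read(short_ret, true));
    return 0;
}
```

In the model, a stale folio is one the page cache would serve as valid even though the read never filled it, which is the data consistency problem the advisory describes.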

Impact

The vulnerability could lead to incorrect I/O handling, where unused folios are mistakenly marked as up-to-date, potentially causing data consistency issues.

Reproduction

To reproduce this vulnerability, mount a file system using EROFS with file-backed support. Then, initiate an I/O read operation that can be interrupted by SIGKILL. After the interruption, unused folios in the bio are incorrectly marked as up-to-date even though they were not fully read.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Apr 22, 2026, 2:46 PM
Updated: Apr 22, 2026, 2:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 6.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.