Linux Kernel Ceph Module Folio Batch Error Propagation Vulnerability

A vulnerability in the Linux kernel's Ceph module can lead to improper error handling during the writeback process when the fscrypt feature is enabled. The issue arises in the 'ceph_process_folio_batch()' function, which fails to correctly manage return codes from its operations. This mismanagement can cause errors to be sent back to the main writeback loop, disrupting the process and potentially leading to a system crash. The problem is exacerbated by another bug that prevents multiple encrypted folios from being written at the same time, masking the issue under normal circumstances.

Impact

This vulnerability can cause a system crash by triggering a 'BUG_ON()' condition in the 'ceph_allocate_page_array()' function, which is not able to handle the propagated error correctly.

Reproduction

To reproduce this vulnerability, enable the fscrypt feature in the Linux kernel. Then, use the Ceph file system to trigger the 'ceph_process_folio_batch()' function with multiple encrypted folios. The function will fail to handle the errors properly, allowing them to propagate back to the main writeback loop and causing a crash.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version to apply the fix.