A security vulnerability has been resolved in the Linux kernel, specifically in the EROFS (Enhanced Readonly File System) implementation. The vulnerability affects the LZ4 inplace decompression process and can potentially lead to data corruption.

The Linux kernel contains support for a multitude of file systems, and among them is EROFS, or Enhanced Readonly File System, which offers a better compression ratio and improved performance compared to other readonly file systems. In EROFS, LZ4 is one of the compression algorithms used to compress data, along with others like ZSTD, Gzip, etc.

The vulnerability exists in the way EROFS handles LZ4 inplace decompression. For inplace decompression, LZ4 expects the compressed data to be arranged at the end of the decompressed buffer. However, as reported by Juhyung, some new x86 processors with the FSRM (Fast Short REP MOV) feature might expose a data corruption issue during this process.

The solution provided is to use the decompressed buffer strictly for LZ4 inplace decompression, and gradually work on improvements to address the issue of mapping virtual buffers for compressed and decompressed data.
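The layout rule described above, as an added userspace example that is not kernel code and not part of the original patch: it classifies where a compressed input sits relative to the output buffer, and stages the input at the tail of the output buffer itself. The names classify_layout and stage_inplace are hypothetical; the margin formula is the one used by LZ4_DECOMPRESS_INPLACE_MARGIN in upstream lz4.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same formula as LZ4_DECOMPRESS_INPLACE_MARGIN in upstream lz4.h. */
#define INPLACE_MARGIN(csize) (((size_t)(csize) >> 8) + 32)

enum layout { LAYOUT_SEPARATE, LAYOUT_INPLACE_OK, LAYOUT_UNSAFE };

/*
 * Hypothetical helper: classify where the compressed input [in, in+inlen)
 * sits relative to the output buffer [out, out+outcap) that will receive
 * outlen decoded bytes.
 */
enum layout classify_layout(const uint8_t *out, size_t outcap, size_t outlen,
                            const uint8_t *in, size_t inlen)
{
    uintptr_t o = (uintptr_t)out, i = (uintptr_t)in;

    if (i + inlen <= o || i >= o + outcap)
        return LAYOUT_SEPARATE;      /* no overlap: ordinary decode */
    if (i < o || i + inlen != o + outcap)
        return LAYOUT_UNSAFE;        /* overlaps, but not at the tail */
    if (outcap < outlen + INPLACE_MARGIN(inlen))
        return LAYOUT_UNSAFE;        /* writer could overtake the reader */
    return LAYOUT_INPLACE_OK;
}

/*
 * Hypothetical helper: make an input safe for inplace decoding by moving it
 * to the tail of the output buffer itself. Returns the new input pointer,
 * or NULL if the buffer cannot hold the output plus the margin.
 */
const uint8_t *stage_inplace(uint8_t *out, size_t outcap, size_t outlen,
                             const uint8_t *in, size_t inlen)
{
    if (inlen > outcap || outcap < outlen + INPLACE_MARGIN(inlen))
        return NULL;
    uint8_t *tail = out + outcap - inlen;
    memmove(tail, in, inlen);        /* source may already lie inside out */
    return tail;
}
```

The classification only sees the addresses it is given, so it assumes the input and output pointers refer to the same mapping of the buffer.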

Here is a code snippet showing the relevant changes made in the kernel:

-   erofs_map_blocks_iter(inode, &map, &last_block, true);
+   erofs_map_blocks_iter(inode, &map, &last_block, false);
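Review bot: the last argument of erofs_map_blocks_iter() on the `+` line is a bare `false`, and nothing visible here says what that flag controls or why flipping it from `true` matters for inplace decompression. Add a comment at the call, or pass a named flag instead of a boolean literal, so the link to the LZ4 inplace path is readable at the call site.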
...
-static int z_erofs_lz4_fill_trunk(struct z_erofs_decompress_frontend *f,
+static int z_erofs_lz4_fill_inplace(struct z_erofs_decompress_frontend *f,
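Review bot: the rename to z_erofs_lz4_fill_inplace() on the `+` line touches a static function, so every caller in the same file has to change in this patch as well, and none is visible in the excerpt. Please confirm the call sites are updated, and add a short comment above the function stating the buffer layout it expects.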
...
-   nlz4_fill_header(buf, inlen, outlen, &dest, &src);
+   lz4_fill_header(buf, inlen, outlen, &dest, &src);
...
    return packed_copy_and_fix_alignment(f, archive_len);
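Review bot: no result of lz4_fill_header() on the `+` line is checked before `return packed_copy_and_fix_alignment(f, archive_len);`. If the helper can fail or reject inlen/outlen, test its return value and bail out before the copy; if it cannot fail, say so in a comment. The `dest` and `src` pointers it fills are also not used in the visible lines, so it is worth showing where they are consumed.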

Please refer to the original patch submission for the full details and complete code changes.

In order to ensure the security and efficiency of the Linux kernel, it is crucial to be aware of the latest patches and updates. Stay informed and apply the relevant patches for your Linux systems to mitigate the risk of data corruption due to vulnerabilities like these.

Timeline

Published on: 03/01/2024 14:15:53 UTC
Last modified on: 03/01/2024 15:23:36 UTC