[SRU][F][PATCH 0/1] CVE-2023-52497
Jacob Martin
jacob.martin at canonical.com
Thu Oct 10 19:52:07 UTC 2024
[Impact]
The kernel's LZ4 decompression algorithm expects that data being in-place
decompressed is located at the end of the output buffer. The EROFS
implementation will map in and out buffers without a guarantee on their
ordering. While this is incorrect behavior on all CPUs, x86 CPUs declaring the
FSRM capability have a memmove implementation that is particularly affected by
this misordering, resulting in frequent data corruption. Resolve the issue by
always using the output buffer for in-place decompression, with the compressed
data placed at the end of it.
[Fix]
Noble: Fix released
Jammy: Fix released
Focal: Clean cherry-pick from linux-5.10.y stable branch
Bionic: Not affected
Xenial: Not affected
Trusty: Not affected
[Test Case]
Compile tested. Verified that an EROFS filesystem could be created, mounted,
and read from with its data intact while this patch was applied.
# mkdir erofs_test_data erofs_test_mnt
# for i in {0..9}; do dd if=/dev/urandom of="erofs_test_data/test$i" bs=1M count=1; done
# mkfs.erofs -z lz4 erofs_test.img erofs_test_data
# modprobe erofs
# mount -o loop erofs_test.img erofs_test_mnt
# diff -qr erofs_test_data erofs_test_mnt
[Where problems could occur]
This fix modifies the LZO decompression behavior of the EROFS filesystem
specifically. Issues with this fix are likely to only affect use of the EROFS
filesystem.
Gao Xiang (1):
erofs: fix lz4 inplace decompression
fs/erofs/decompressor.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
--
2.43.0
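
The buffer-layout requirement described under [Impact], shown as an added example that is not part of the patch or of any kernel code. A toy run-length codec stands in for LZ4, and the names rle_decode, inplace_matches and sample are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Toy run-length format (a stand-in for LZ4, hypothetical): pairs of
 * (count, value) bytes, each expanding to `count` copies of `value`. */
static size_t rle_decode(const unsigned char *in, size_t in_len,
                         unsigned char *out, size_t out_cap)
{
    size_t w = 0;
    for (size_t r = 0; r + 1 < in_len; r += 2) {
        unsigned char count = in[r], value = in[r + 1]; /* read before writing */
        if (w + count > out_cap)
            return 0;                  /* malformed or clobbered input */
        memset(out + w, value, count); /* may overwrite `in` when buffers overlap */
        w += count;
    }
    return w;
}

/* Decode in place inside one buffer of out_len bytes, with the compressed
 * bytes first copied to `offset`. Returns 1 if the result equals a decode
 * into a separate buffer, 0 if the in-place decode failed or differs. */
static int inplace_matches(const unsigned char *in, size_t in_len,
                           size_t out_len, size_t offset)
{
    unsigned char ref[64], buf[64];
    if (out_len > sizeof(buf) || offset + in_len > out_len)
        return 0;
    if (rle_decode(in, in_len, ref, out_len) != out_len)
        return 0;
    memset(buf, 0, sizeof(buf));
    memcpy(buf + offset, in, in_len);
    if (rle_decode(buf + offset, in_len, buf, out_len) != out_len)
        return 0;
    return memcmp(ref, buf, out_len) == 0;
}

/* Constructed sample: 3 runs, 6 compressed bytes -> 12 output bytes. */
static const unsigned char sample[] = { 4, 'A', 4, 'B', 4, 'C' };

int main(void)
{
    printf("input at end of output:   %s\n",
           inplace_matches(sample, 6, 12, 12 - 6) ? "intact" : "corrupted");
    printf("input at start of output: %s\n",
           inplace_matches(sample, 6, 12, 0) ? "intact" : "corrupted");
    return 0;
}
```

With the compressed bytes at the end of the buffer, the write position never passes the read position; with them at the start, the first run overwrites compressed bytes that have not been read yet.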