CVE-2021-47114

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 15/03/2024
Last modified: 04/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix data corruption by fallocate

When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at that time isize is not yet updated to match the new size, if writeback is kicked in, it will invoke ocfs2_writepage()->block_write_full_page() where the pages out of inode size will be dropped. That will cause file corruption. Fix this by zero out eof blocks when extending the inode size.

Running the following command with qemu-image 4.2.1 can get a corrupted converted image file easily.

    qemu-img convert -p -t none -T none -f qcow2 $qcow_image \
        -O qcow2 -o compat=1.1 $qcow_image.conv

The usage of fallocate in qemu is like this, it first punches holes out of inode size, then extend the inode size.

    fallocate(11, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 2276196352, 65536) = 0
    fallocate(11, 0, 2276196352, 65536) = 0

v1: https://www.spinics.net/lists/linux-fsdevel/msg193999.html
v2: https://lore.kernel.org/linux-fsdevel/20210525093034.GB4112@quack2.suse.cz/T/

Vulnerable products and versions

CPE                                                From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*                         4.4.272 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.5 (including)   4.9.272 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.10 (including)  4.14.236 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.15 (including)  4.19.194 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.20 (including)  5.4.125 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.5 (including)   5.10.43 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.11 (including)  5.12.10 (excluding)
cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
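
A triage check built from the version table above, added here as an example and not part of the advisory or the kernel project: it tests a `uname -r` style string against the listed upstream ranges and reports exposure only when an ocfs2 filesystem is also mounted. The function names and the sample mount table are assumptions, and distribution kernels that backport the fix under an older version number will still match, so confirm against the vendor changelog.

```python
import re

# Upstream affected ranges from the table on this page: (from_inclusive, up_to_exclusive).
AFFECTED_RANGES = [
    (None, (4, 4, 272)),
    ((4, 5, 0), (4, 9, 272)),
    ((4, 10, 0), (4, 14, 236)),
    ((4, 15, 0), (4, 19, 194)),
    ((4, 20, 0), (5, 4, 125)),
    ((5, 5, 0), (5, 10, 43)),
    ((5, 11, 0), (5, 12, 10)),
]
# Release candidates listed individually in the table.
AFFECTED_RCS = {(5, 13): {1, 2, 3, 4}}

def parse_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), rc or None)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)

def kernel_in_affected_range(release):
    version, rc = parse_release(release)
    if version[:2] in AFFECTED_RCS:
        # Only the listed release candidates of this series are affected.
        return rc in AFFECTED_RCS[version[:2]]
    return any((low is None or version >= low) and version < high
               for low, high in AFFECTED_RANGES)

def ocfs2_mount_points(proc_mounts_text):
    """Return mount points whose filesystem type is ocfs2 (/proc/mounts format)."""
    fields = (line.split() for line in proc_mounts_text.splitlines())
    return [f[1] for f in fields if len(f) >= 3 and f[2] == "ocfs2"]

def exposed(release, proc_mounts_text):
    """Affected upstream version AND at least one ocfs2 mount."""
    return kernel_in_affected_range(release) and bool(ocfs2_mount_points(proc_mounts_text))

# Constructed sample input, not taken from a real host.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/images ocfs2 rw,relatime,heartbeat=local 0 0
"""

if __name__ == "__main__":
    for rel in ("5.10.42-generic", "5.10.43", "5.13.0-rc3", "5.13.0"):
        print(rel, kernel_in_affected_range(rel), exposed(rel, SAMPLE_MOUNTS))
```

On a live host, pass the output of `uname -r` and the contents of `/proc/mounts` to `exposed()`.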