CVE-2021-47066
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/02/2024
Last modified:
09/01/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

async_xor: increase src_offs when dropping destination page

Now we support sharing one page if PAGE_SIZE is not equal stripe size. To
support this, it needs to support calculating xor value with different
offsets for each r5dev. One offset array is used to record those offsets.

In RMW mode, parity page is used as a source page. It sets
ASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5.
So it needs to add src_list and src_offs at the same time. Now it only
needs src_list. So the xor value which is calculated is wrong. It can
cause data corruption problem.

I can reproduce this problem 100% on a POWER8 machine. The steps are:

mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G
mkfs.xfs /dev/md0
mount /dev/md0 /mnt/test
mount: /mnt/test: mount(2) system call failed: Structure needs cleaning.
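
The offset mismatch described above, as an added user-space model in C (not the kernel's code and not part of the original advisory). The names `xor_offs` and `prexor_is_correct`, the 16-byte page, the 4-byte stripe and the sample offsets are constructed for illustration; the model shows that dropping the destination from the source list without also advancing the offset array pairs each remaining page with the wrong offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE   16  /* constructed "page" size */
#define STRIPE 4   /* constructed stripe size, smaller than PAGE */

/* Model only: XOR STRIPE bytes from each source, read at its own offset,
 * into dest. With drop_dst set, src_list[0] is dest itself and is skipped. */
static void xor_offs(uint8_t *dest, size_t dest_off, uint8_t **src_list,
                     const size_t *src_offs, int src_cnt,
                     int drop_dst, int advance_offs)
{
    if (drop_dst) {
        src_cnt--;
        src_list++;
        if (advance_offs)
            src_offs++;   /* keep offsets paired with the remaining pages */
    }
    for (int i = 0; i < src_cnt; i++)
        for (size_t b = 0; b < STRIPE; b++)
            dest[dest_off + b] ^= src_list[i][src_offs[i] + b];
}

/* Returns 1 if the prexor result equals the independently computed parity. */
int prexor_is_correct(int advance_offs)
{
    uint8_t parity[PAGE], d1[PAGE], d2[PAGE], want[STRIPE];
    for (size_t j = 0; j < PAGE; j++) {
        parity[j] = (uint8_t)(0x40 + j);
        d1[j] = (uint8_t)(0x10 + j);
        d2[j] = (uint8_t)(0x80 + 2 * j);
    }
    uint8_t *src_list[] = { parity, d1, d2 };
    const size_t src_offs[] = { 0, 4, 8 };   /* one offset per device page */
    for (size_t b = 0; b < STRIPE; b++)
        want[b] = (uint8_t)(parity[b] ^ d1[4 + b] ^ d2[8 + b]);

    xor_offs(parity, src_offs[0], src_list, src_offs, 3, 1, advance_offs);
    return memcmp(parity, want, STRIPE) == 0;
}

int main(void)
{
    printf("offsets not advanced: %s\n", prexor_is_correct(0) ? "ok" : "wrong parity");
    printf("offsets advanced:     %s\n", prexor_is_correct(1) ? "ok" : "wrong parity");
    return 0;
}
```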
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10 (including) | 5.10.37 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.11.21 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 5.12.4 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af
- https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18
- https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174
- https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8



