CVE-2023-53101

In the Linux kernel, the following vulnerability has been resolved:

ext4: zero i_disksize when initializing the bootloader inode

If the boot loader inode has never been used before, the EXT4IOCSWAPBOOT inode will initialize it, including setting the isize to 0. However, if the "never before used" boot loader has a non-zero isize, then idisksize will be non-zero, and the inconsistency between isize and idisksize can trigger a kernel warning:

WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319 CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa RIP: 0010:ext4filewriteiter+0xbc7/0xd10 Call Trace: vfswrite+0x3b1/0x5c0 ksys_write+0x77/0x160 __x64syswrite+0x22/0x30 dosyscall64+0x39/0x80

Reproducer: 1. create corrupted image and mount it: mke2fs -t ext4 /tmp/foo.img 200 debugfs -wR "sif <5> size 25700" /tmp/foo.img mount -t ext4 /tmp/foo.img /mnt cd /mnt echo 123 > file 2. Run the reproducer program: posixmemalign(&buf, 1024, 1024) fd = open("file", ORDWR | ODIRECT); ioctl(fd, EXT4IOCSWAPBOOT); write(fd, buf, 1024);

Fix this by setting idisksize as well as isize to zero when initiaizing the boot loader inode.