kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #102202
[Bug 1371591] Re: file not initialized to 0s under some conditions
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3610
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3611
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3646
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3647
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1371591
Title:
file not initialized to 0s under some conditions
Status in linux package in Ubuntu:
In Progress
Status in linux-lts-trusty package in Ubuntu:
Confirmed
Status in linux source package in Precise:
Invalid
Status in linux-lts-trusty source package in Precise:
In Progress
Status in linux source package in Trusty:
In Progress
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux source package in Utopic:
In Progress
Status in linux-lts-trusty source package in Utopic:
Invalid
Bug description:
SRU Justification:
[Impact]
Under some conditions, after fallocate() the file is observed not to
be completely initilized to 0s: some 4KB pages have left-over data
from previous files that occupied those pages. Note that in addition
to causing functional problems for applications expecting files to be
initialized to 0s, this is a security issue because it allows data to
"leak" from one file to another, bypassing file access controls.
The problem has been seen running under the following VMWare-based virtual environments:
Fusion 6.0.2
ESXi 5.1.0
And under the following versions of Ubuntu:
Ubuntu 12.04, 3.11.0-26-generic
Ubuntu 14.04.1, 3.13.0-32-generic
Ubuntu 14.04.1, 3.13.0-35-generic
But did not reproduce under the following version:
Ubuntu 10.04, 2.6.32-38-server
The problem reproduced under LVM, but did not reproduce without LVM.
[Test Case]
I reproduced the problem as follows under VMWare Fusion:
set up custom VM with default disk size (20 GB) and memory size (1 GB)
attach Ubuntu 14.04.1 ISO to CDROM, set it as boot device, boot up
select all defaults during installation _including_ LVM
install gcc
unpack the attached repro.tgz
run repro.sh
what it does:
* fills the disk with a file containing bytes of 0xcc then deletes it
* repeatedly runs the repro program which creates two files and accesses them in a certain pattern
* checks the file f0 with hexdump; it should contain all 0s, but if pages 0x1000-0x7000 contain 0xcc you have reproduced the problem
If the problem does not appear to reproduce, please try waiting a bit
and checking the f0 files with hexdump again. This behavior was
observed by a customer reproducing the problem under ESXi. I since
added an sync after the running the repro binary which I think will
fix that.
If you still can't reproduce the problem please let me know if there's
anything I can do to help. For example can we trace the disk accesses
at the SCSI level to verify whether the appropriate SCSI commands are
being sent? This may help determine whether the problem is in Linux or
in VMWare.
[Fix]
mptfusion: enable no_write_same in scsi_host_template
commit 4089b71cc820a426d601283c92fcd4ffeb5139c2 upstream
https://lkml.org/lkml/2014/9/25/482
(Note this patch may be reverted in the future as there is active
discussion upstream about a more generic fix)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1371591/+subscriptions
References