mirrors
/
anolis-cloud-kernel
mirror of https://gitee.com/anolis/cloud-kernel.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
997,866 Commits 49 Branches 204 Tags 3.3 GiB
C 97.7%
Assembly 1.3%
Shell 0.3%
Makefile 0.3%
Python 0.2%
Other 0.1%
Go to file
Chao Yu 218a9ce97b f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() 
ANBZ: #20922

commit d8189834d4 upstream.

butt3rflyh4ck reports a bug as below:

When a thread always calls F2FS_IOC_RESIZE_FS to resize fs, if resize fs is
failed, f2fs kernel thread would invoke callback function to update f2fs io
info, it would call  f2fs_write_end_io and may trigger null-ptr-deref in
NODE_MAPPING.

general protection fault, probably for non-canonical address
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
RIP: 0010:NODE_MAPPING fs/f2fs/f2fs.h:1972 [inline]
RIP: 0010:f2fs_write_end_io+0x727/0x1050 fs/f2fs/data.c:370
 <TASK>
 bio_endio+0x5af/0x6c0 block/bio.c:1608
 req_bio_endio block/blk-mq.c:761 [inline]
 blk_update_request+0x5cc/0x1690 block/blk-mq.c:906
 blk_mq_end_request+0x59/0x4c0 block/blk-mq.c:1023
 lo_complete_rq+0x1c6/0x280 drivers/block/loop.c:370
 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1101
 __do_softirq+0x1d4/0x8ef kernel/softirq.c:571
 run_ksoftirqd kernel/softirq.c:939 [inline]
 run_ksoftirqd+0x31/0x60 kernel/softirq.c:931
 smpboot_thread_fn+0x659/0x9e0 kernel/smpboot.c:164
 kthread+0x33e/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

The root cause is below race case can cause leaving dirty metadata
in f2fs after filesystem is remount as ro:

Thread A				Thread B
- f2fs_ioc_resize_fs
 - f2fs_readonly   --- return false
 - f2fs_resize_fs
					- f2fs_remount
					 - write_checkpoint
					 - set f2fs as ro
  - free_segment_range
   - update meta_inode's data

Then, if f2fs_put_super()  fails to write_checkpoint due to readonly
status, and meta_inode's dirty data will be writebacked after node_inode
is put, finally, f2fs_write_end_io will access NULL pointer on
sbi->node_inode.

Thread A				IRQ context
- f2fs_put_super
 - write_checkpoint fails
 - iput(node_inode)
 - node_inode = NULL
 - iput(meta_inode)
  - write_inode_now
   - f2fs_write_meta_page
					- f2fs_write_end_io
					 - NODE_MAPPING(sbi)
					 : access NULL pointer on node_inode

Fixes: b4b10061ef ("f2fs: refactor resize_fs to avoid meta updates in progress")
Reported-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Closes: https://lore.kernel.org/r/1684480657-2375-1-git-send-email-yangtiezhu@loongson.cn
Tested-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes: CVE-2023-2898
Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/5565
 		2025-08-01 11:21:00 +08:00
Documentation bpf: Document EFAULT changes for sockopt 2025-07-17 07:35:44 +00:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
anolis anolis: configs: enable CONFIG_EROFS_FS_BACKED_BY_FILE 2025-07-28 08:43:58 +00:00
arch anolis: x86/cpufeatures: Fix typo in PARALLAX_E and reformat new feature macros 2025-07-18 09:31:09 +00:00
block blk-cgroup: properly pin the parent in blkcg_css_online 2025-04-23 10:56:15 +00:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:13:17 +02:00
crypto KEYS: asymmetric: properly validate hash_algo and encoding 2024-10-22 17:41:35 +08:00
drivers nvme: drop unused variable ctrl in nvme_setup_cmd 2025-07-31 02:49:39 +00:00
fs f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() 2025-08-01 11:21:00 +08:00
include anolis: Revert "net: missing check virtio" 2025-07-15 21:01:45 +08:00
init init/main.c: Fix potential static_command_line memory overflow 2024-12-27 08:24:51 +00:00
io_uring anolis: io_uring: fix out-of-bound io_op_defs access in io_init_req 2025-04-09 09:02:53 +00:00
ipc memcg: enable accounting of ipc resources 2023-03-18 02:22:59 +00:00
kernel anolis: sched: don't account util_est for each cfs_rq when group_balancer disabled 2025-07-21 02:35:12 +00:00
lib dyndbg: fix old BUG_ON in >control parser 2025-02-05 07:36:47 +00:00
mm anolis: mm: honor THP defrag setting for direct file collapse 2025-07-31 03:33:28 +00:00
net anolis: net/smc: fix the issue of server fallback failure 2025-06-16 16:58:53 +08:00
samples vfio/mtty: Enable migration support 2025-07-10 16:22:26 +08:00
scripts locking: Introduce __cleanup() based infrastructure 2025-04-16 01:34:16 +00:00
security security/keys: fix slab-out-of-bounds in key_task_permission 2025-03-27 09:41:10 +00:00
sound anolis: sw64: sound: fix compile error when CONFIG_SND_DUMMY=y 2025-06-05 06:59:14 +00:00
tools selftests/bpf: Update EFAULT {g,s}etsockopt selftests 2025-07-17 07:35:44 +00:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:25:48 +01:00
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2025-07-11 15:16:17 +08:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS configfs-tsm: Introduce a shared ABI for attestation reports 2025-04-16 01:34:16 +00:00
Makefile kbuild: Drop -Wdeclaration-after-statement 2025-04-16 01:34:16 +00:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.