From: Loic <hackurx@opensec.fr>
To: stable@vger.kernel.org
Cc: heyunlei@huawei.com, jaegeuk@kernel.org
Subject: [PATCH] f2fs: fix a panic caused by NULL flush_cmd_control
Date: Sat, 15 Dec 2018 18:21:54 +0100
Message-ID: <20181215182154.a8d9e1dad259dee57d12b7d2@opensec.fr>

Hello,

Please pick up this patch for Linux 4.4.
This fixes CVE-2017-18241. This has been fixed in Linux 4.9.144.

Thanks.

[ Upstream commit d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 ]

From: Yunlei He <heyunlei@huawei.com>
Date: Thu, 1 Jun 2017 16:43:51 +0800
Subject: [PATCH] f2fs: fix a panic caused by NULL flush_cmd_control

Mounting the fs with the option noflush_merge, boot failed due to an illegal
address for fcc in function f2fs_issue_flush:

        if (!test_opt(sbi, FLUSH_MERGE)) {
                ret = submit_flush_wait(sbi);
                atomic_inc(&fcc->issued_flush);   ->  Here, fcc illegal
                return ret;
        }

Signed-off-by: Yunlei He <heyunlei@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
[bwh: Backported to 4.9: adjust context]
---
 fs/f2fs/segment.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -488,6 +488,9 @@ int create_flush_cmd_control(struct f2fs
 	init_waitqueue_head(&fcc->flush_wait_queue);
 	init_llist_head(&fcc->issue_list);
 	SM_I(sbi)->cmd_control_info = fcc;
+	if (!test_opt(sbi, FLUSH_MERGE))
+		return err;
+
 	fcc->f2fs_issue_flush = kthread_run(issue_flush_thread, sbi,
 				"f2fs_flush-%u:%u", MAJOR(dev), MINOR(dev));
 	if (IS_ERR(fcc->f2fs_issue_flush)) {
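Review bot: the early return added after `SM_I(sbi)->cmd_control_info = fcc;` returns `err`, whose value at that point is not visible in the hunk; if it is still 0 from its initialisation this is a success path, and a plain `return 0;` would state that intent explicitly. The change also leaves `fcc->f2fs_issue_flush` unset for noflush_merge mounts, so the teardown path that stops that kthread (not in this diff) has to tolerate a NULL thread pointer; worth confirming in the 4.4 backport.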
@@ -2534,7 +2537,7 @@ int build_segment_manager(struct f2fs_sb
 
 	INIT_LIST_HEAD(&sm_info->sit_entry_set);
 
-	if (test_opt(sbi, FLUSH_MERGE) && !f2fs_readonly(sbi->sb)) {
+	if (!f2fs_readonly(sbi->sb)) {
 		err = create_flush_cmd_control(sbi);
 		if (err)
 			return err;
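Review bot: dropping `test_opt(sbi, FLUSH_MERGE)` from the condition means `cmd_control_info` is populated on every read-write mount, which is what lets the non-merge branch of `f2fs_issue_flush` execute `atomic_inc(&fcc->issued_flush)` safely; read-only mounts still skip `create_flush_cmd_control`, so `fcc` stays NULL there, and the commit message should say whether `f2fs_issue_flush` is unreachable on a read-only superblock. A remount that enables flush_merge after a noflush_merge mount would also need to start the kthread on an already allocated `fcc` rather than re-create it; that path is not covered by this diff and is worth checking.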

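The bug and the fix both come down to one invariant: the structure that `f2fs_issue_flush` touches unconditionally must exist whenever a flush can be issued, while the worker thread is only needed when merging is enabled. The following is an added userspace model of that invariant, written for this page and not taken from f2fs; the option bits, the `struct sb_info`/`struct flush_cmd_control` layouts and the `mount_and_flush` harness are constructed stand-ins, and `issue_flush` returns `-EFAULT` where the kernel would dereference NULL so the mismatch is observable instead of fatal. It encodes only what the two hunks show, including that read-only mounts still leave the control block unallocated.

```c
#include <stdlib.h>
#include <errno.h>

/* Constructed userspace model of the f2fs structures involved (not kernel code). */
enum { OPT_FLUSH_MERGE = 1u << 0, OPT_READONLY = 1u << 1 };

struct flush_cmd_control {
    int worker_running;   /* stands in for the fcc->f2fs_issue_flush kthread */
    long issued_flush;    /* mirrors atomic_t issued_flush */
};

struct sb_info {
    unsigned opts;
    struct flush_cmd_control *fcc;   /* SM_I(sbi)->cmd_control_info */
};

static int test_opt(const struct sb_info *sbi, unsigned o)
{
    return (sbi->opts & o) != 0;
}

/* Pre-patch behaviour: the control block only exists when FLUSH_MERGE is set. */
static int create_flush_cmd_control_old(struct sb_info *sbi)
{
    if (!test_opt(sbi, OPT_FLUSH_MERGE) || test_opt(sbi, OPT_READONLY))
        return 0;
    sbi->fcc = calloc(1, sizeof *sbi->fcc);
    if (!sbi->fcc)
        return -ENOMEM;
    sbi->fcc->worker_running = 1;
    return 0;
}

/* Post-patch behaviour: allocate on every rw mount, start the worker only for merge. */
static int create_flush_cmd_control_new(struct sb_info *sbi)
{
    if (test_opt(sbi, OPT_READONLY))
        return 0;
    sbi->fcc = calloc(1, sizeof *sbi->fcc);
    if (!sbi->fcc)
        return -ENOMEM;
    if (!test_opt(sbi, OPT_FLUSH_MERGE))
        return 0;                 /* fcc exists, but no worker thread */
    sbi->fcc->worker_running = 1;
    return 0;
}

/* Model of f2fs_issue_flush: the non-merge branch touches fcc unconditionally.
 * Returns -EFAULT instead of dereferencing NULL, i.e. where the kernel panics. */
static int issue_flush(struct sb_info *sbi)
{
    struct flush_cmd_control *fcc = sbi->fcc;

    if (!test_opt(sbi, OPT_FLUSH_MERGE)) {
        if (!fcc)
            return -EFAULT;       /* the NULL fcc the commit message describes */
        fcc->issued_flush++;      /* atomic_inc(&fcc->issued_flush) */
        return 0;
    }
    if (!fcc || !fcc->worker_running)
        return -EFAULT;
    fcc->issued_flush++;          /* in f2fs the request is handed to the worker */
    return 0;
}

/* Mount with the given options using the chosen creator, then issue one flush. */
static int mount_and_flush(unsigned opts, int (*create)(struct sb_info *))
{
    struct sb_info sbi = { .opts = opts, .fcc = NULL };
    int rc = create(&sbi);

    if (rc == 0)
        rc = issue_flush(&sbi);
    free(sbi.fcc);
    return rc;
}
```

Running `mount_and_flush(0, create_flush_cmd_control_old)` reproduces the reported failure (rw mount, noflush_merge, first flush hits a NULL control block), while the `_new` creator succeeds for the same options and still succeeds with merging on. Both creators leave `fcc` NULL on a read-only mount, which is the case the reviewer note above asks the commit message to address.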