From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from sub-82-64-64-92.proxad.net ([82.64.64.92]:32910 "EHLO mail.opensec.fr" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1726344AbeLORV4 (ORCPT ); Sat, 15 Dec 2018 12:21:56 -0500
Date: Sat, 15 Dec 2018 18:21:54 +0100
From: Loic
To: stable@vger.kernel.org
Cc: heyunlei@huawei.com, jaegeuk@kernel.org
Subject: [PATCH] f2fs: fix a panic caused by NULL flush_cmd_control
Message-Id: <20181215182154.a8d9e1dad259dee57d12b7d2@opensec.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: stable-owner@vger.kernel.org
List-ID:

Hello,

Please pick up this patch for linux 4.4.
This fixes CVE-2017-18241.
This has been fixed in linux 4.9.144.

Thanks.

[ Upstream commit d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 ]

From: Yunlei He
Date: Thu, 1 Jun 2017 16:43:51 +0800
Subject: [PATCH] f2fs: fix a panic caused by NULL flush_cmd_control

Mount fs with option noflush_merge, boot failed for illegal address
fcc in function f2fs_issue_flush:

        if (!test_opt(sbi, FLUSH_MERGE)) {
                ret = submit_flush_wait(sbi);
                atomic_inc(&fcc->issued_flush);   ->  Here, fcc illegal
                return ret;
        }

Signed-off-by: Yunlei He
Signed-off-by: Jaegeuk Kim
[bwh: Backported to 4.9: adjust context]
--- fs/f2fs/segment.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -488,6 +488,9 @@ int create_flush_cmd_control(struct f2fs init_waitqueue_head(&fcc->flush_wait_queue); init_llist_head(&fcc->issue_list); SM_I(sbi)->cmd_control_info = fcc; + if (!test_opt(sbi, FLUSH_MERGE)) + return err; + fcc->f2fs_issue_flush = kthread_run(issue_flush_thread, sbi, "f2fs_flush-%u:%u", MAJOR(dev), MINOR(dev)); if (IS_ERR(fcc->f2fs_issue_flush)) { 
@@ -2534,7 +2537,7 @@ int build_segment_manager(struct f2fs_sb INIT_LIST_HEAD(&sm_info->sit_entry_set); - if (test_opt(sbi, FLUSH_MERGE) && !f2fs_readonly(sbi->sb)) { + if (!f2fs_readonly(sbi->sb)) { err = create_flush_cmd_control(sbi); if (err) return err;
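
Review bot: In the create_flush_cmd_control() hunk, the new early exit "return err;" depends on err still being zero at that point, and the visible context does not show where err is set; "return 0;" would state the intent directly. The exit also comes before the kthread_run() assignment, so with FLUSH_MERGE off fcc->f2fs_issue_flush is never set by this function, and whatever later stops the flush thread has to tolerate that. Since the request is for linux 4.4 while the patch is tagged "Backported to 4.9: adjust context", the context lines of this hunk should be checked against the 4.4 tree before it is queued.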
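
Review bot: In the build_segment_manager() hunk, the condition is now only "!f2fs_readonly(sbi->sb)", so a read-only mount still ends up without cmd_control_info, while the commit message shows f2fs_issue_flush() dereferencing fcc on the noflush_merge path. Please confirm that this path cannot run on a read-only mount and that a remount to read-write allocates fcc, or add a NULL check on fcc before atomic_inc(&fcc->issued_flush).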