github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-01 02:53:36 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
79bbefb19f
linux/fs/f2fs
History
Chao Yu 79bbefb19f f2fs: fix NULL pointer dereference in f2fs_verity_work() 
If both compression and fsverity feature is on, generic/572 will
report below NULL pointer dereference bug.

 BUG: kernel NULL pointer dereference, address: 0000000000000018
 RIP: 0010:f2fs_verity_work+0x60/0x90 [f2fs]
 #PF: supervisor read access in kernel mode
 Workqueue: fsverity_read_queue f2fs_verity_work [f2fs]
 RIP: 0010:f2fs_verity_work+0x60/0x90 [f2fs]
 Call Trace:
  process_one_work+0x16c/0x3f0
  worker_thread+0x4c/0x440
  ? rescuer_thread+0x350/0x350
  kthread+0xf8/0x130
  ? kthread_unpark+0x70/0x70
  ret_from_fork+0x35/0x40

There are two issue in f2fs_verity_work():
- it needs to traverse and verify all pages in bio.
- if pages in bio belong to non-compressed cluster, accessing
decompress IO context stored in page private will cause NULL
pointer dereference.

Fix them.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2020-03-30 20:46:25 -07:00
..
acl.c f2fs: Replace spaces with tab 2019-05-08 21:23:11 -07:00
acl.h f2fs: add SPDX license identifiers 2018-09-12 13:07:10 -07:00
checkpoint.c f2fs: Add a new CP flag to help fsck fix resize SPO issues 2020-03-22 21:16:28 -07:00
compress.c f2fs: fix NULL pointer dereference in f2fs_verity_work() 2020-03-30 20:46:25 -07:00
data.c f2fs: fix NULL pointer dereference in f2fs_verity_work() 2020-03-30 20:46:25 -07:00
debug.c f2fs: show mounted time 2020-03-19 11:41:25 -07:00
dir.c f2fs: clean up f2fs_may_encrypt() 2020-03-30 20:46:24 -07:00
extent_cache.c f2fs: introduce f2fs_<level> macros to wrap f2fs_printk() 2019-07-02 15:40:40 -07:00
f2fs.h f2fs: don't trigger data flush in foreground operation 2020-03-30 20:46:24 -07:00
file.c f2fs: fix to show tracepoint correctly 2020-03-19 11:41:26 -07:00
gc.c f2fs: don't trigger data flush in foreground operation 2020-03-30 20:46:24 -07:00
gc.h f2fs: add SPDX license identifiers 2018-09-12 13:07:10 -07:00
hash.c f2fs: Support case-insensitive file name lookups 2019-08-23 07:57:13 -07:00
inline.c f2fs: convert inline_dir early before starting rename 2020-01-17 16:48:42 -08:00
inode.c f2fs: introduce DEFAULT_IO_TIMEOUT 2020-03-19 11:41:26 -07:00
Kconfig f2fs-for-5.6 2020-01-30 15:39:24 -08:00
Makefile f2fs: support data compression 2020-01-17 16:48:07 -08:00
namei.c f2fs: don't call fscrypt_get_encryption_info() explicitly in f2fs_tmpfile() 2020-03-30 20:46:24 -07:00
node.c f2fs: don't trigger data flush in foreground operation 2020-03-30 20:46:24 -07:00
node.h f2fs: check PageWriteback flag for ordered case 2018-12-26 15:16:56 -08:00
recovery.c f2fs: introduce DEFAULT_IO_TIMEOUT 2020-03-19 11:41:26 -07:00
segment.c f2fs: don't trigger data flush in foreground operation 2020-03-30 20:46:24 -07:00
segment.h f2fs: show mounted time 2020-03-19 11:41:25 -07:00
shrinker.c f2fs: fix inconsistent comments 2020-03-10 09:18:33 -07:00
super.c f2fs: fix NULL pointer dereference in f2fs_write_begin() 2020-03-30 20:46:24 -07:00
sysfs.c f2fs: show mounted time 2020-03-19 11:41:25 -07:00
trace.c f2fs: do not use mutex lock in atomic context 2019-03-05 19:58:06 -08:00
trace.h f2fs: add SPDX license identifiers 2018-09-12 13:07:10 -07:00
verity.c fs-verity: implement readahead of Merkle tree pages 2020-01-14 13:27:32 -08:00
xattr.c f2fs: use kmem_cache pool during inline xattr lookups 2020-03-22 21:16:27 -07:00
xattr.h f2fs: xattr.h: Replace zero-length array with flexible-array member 2020-03-22 21:16:29 -07:00