CVE-2024-27036

Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 01/05/2024
Last modified: 18/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix writeback data corruption

cifs writeback doesn't correctly handle the case where cifs_extend_writeback() hits a point where it is considering an additional folio, but this would overrun the wsize - at which point it drops out of the xarray scanning loop and calls xas_pause(). The problem is that xas_pause() advances the loop counter - thereby skipping that page.

What needs to happen is for xas_reset() to be called any time we decide we don't want to process the page we're looking at, but rather send the request we are building and start a new one.

Fix this by copying and adapting the netfslib writepages code as a temporary measure, with cifs writeback intending to be offloaded to netfslib in the near future.

This also fixes the issue with the use of filemap_get_folios_tag() causing retry of a bunch of pages which the extender already dealt with.

This can be tested by creating, say, a 64K file somewhere not on cifs (otherwise copy-offload may get underfoot), mounting a cifs share with a wsize of 64000, copying the file to it and then comparing the original file and the copy:

    dd if=/dev/urandom of=/tmp/64K bs=64k count=1
    mount //192.168.6.1/test /mnt -o user=...,pass=...,wsize=64000
    cp /tmp/64K /mnt/64K
    cmp /tmp/64K /mnt/64K

Without the fix, the cmp fails at position 64000 (or shortly thereafter).
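The cmp step of the test in the description above, wrapped as an added helper (not part of the kernel commit or of this advisory) that reports the offset of the first mismatch relative to the mount's wsize, so a patched and an unpatched host can be told apart in a regression run. The function names are hypothetical; the sample invocation reuses the /tmp/64K and /mnt/64K paths from the description and assumes the share is already mounted with wsize=64000.

```shell
#!/bin/sh
# Added example: locate the first point at which a copy written through the
# cifs mount diverges from its source, and relate it to the mount's wsize.

# first_mismatch ORIG COPY
# Prints "identical", or the 0-based offset of the first differing byte.
# If one file is only a prefix of the other, the offset is the shorter size.
first_mismatch() {
    if cmp -s "$1" "$2"; then
        echo identical
        return 0
    fi
    # cmp -l lists each differing byte as "<1-based offset> <octal> <octal>".
    off=$(cmp -l "$1" "$2" 2>/dev/null | head -n 1 | awk '{print $1 - 1}')
    if [ -z "$off" ]; then
        # No differing byte in the common prefix: one file is shorter.
        a=$(( $(wc -c < "$1") ))
        b=$(( $(wc -c < "$2") ))
        if [ "$a" -lt "$b" ]; then off=$a; else off=$b; fi
    fi
    echo "$off"
}

# report_copy ORIG COPY WSIZE
# Returns 0 when the copy is intact, 1 when it is not, and prints how far
# the first mismatch lies from the wsize boundary.
report_copy() {
    off=$(first_mismatch "$1" "$2")
    if [ "$off" = identical ]; then
        echo "OK: copy matches original"
        return 0
    fi
    echo "CORRUPT: first mismatch at byte $off (wsize $3, delta $((off - $3)))"
    return 1
}

# Example run on a test host: sh check.sh /tmp/64K /mnt/64K 64000
if [ "$#" -eq 3 ]; then
    report_copy "$1" "$2" "$3"
fi
```
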

Vulnerable products and versions

CPE                                            From             Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.3 (including)  6.6.23 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)  6.7.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.8 (including)  6.8.2 (excluding)