CVE-2024-44942

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/08/2024
Last modified: 27/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC

syzbot reports a f2fs bug as below:

------------[ cut here ]------------
kernel BUG at fs/f2fs/inline.c:258!
CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0
RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258
Call Trace:
 f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834
 f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]
 __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]
 f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315
 do_writepages+0x35b/0x870 mm/page-writeback.c:2612
 __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650
 writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941
 wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117
 wb_do_writeback fs/fs-writeback.c:2264 [inline]
 wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
 kthread+0x2f2/0x390 kernel/kthread.c:388
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The root cause is: inline_data inode can be fuzzed, so that there may
be valid blkaddr in its direct node, once f2fs triggers background GC
to migrate the block, it will hit f2fs_bug_on() during dirty page
writeback.

Let's add sanity check on F2FS_INLINE_DATA flag in inode during GC,
so that, it can forbid migrating inline_data inode's data block for
fixing.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |  | 6.6.47 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.6 (excluding)
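
The two version ranges above can be checked against a host's `uname -r` string. The following is an added example, not part of the original record or of the kernel project; the function names are hypothetical, and it assumes release-candidate and distribution suffixes can be ignored so that only the upstream major.minor.patch number is compared.

```python
import re

# Affected ranges copied from the table above: (from_inclusive, up_to_exclusive).
# None means the record lists no lower bound for that row.
AFFECTED_RANGES = [
    (None, (6, 6, 47)),
    ((6, 7, 0), (6, 10, 6)),
]

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release: str) -> tuple[int, int, int]:
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-rc6-syzkaller-..." or "-generic" are ignored, so a
    release candidate is treated like its final release (an assumption that
    errs towards flagging the kernel).
    """
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def in_affected_range(release: str) -> bool:
    """True if the upstream version number falls in a range listed for CVE-2024-44942."""
    version = parse_release(release)
    for low, high in AFFECTED_RANGES:
        if (low is None or version >= low) and version < high:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs; the first is the release string from the syzbot trace.
    samples = ("6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01", "6.6.46", "6.6.47",
               "6.10.5", "6.10.6")
    for rel in samples:
        state = "in listed range" if in_affected_range(rel) else "not in listed range"
        print(f"{rel}: {state}")
```

A match on version number alone does not account for vendor kernels that backport the fix without changing the upstream version, so confirm against the distribution's own advisory.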