summaryrefslogtreecommitdiff
path: root/scripts/Makefile.thinlto
diff options
context:
space:
mode:
authorChao Yu <chao@kernel.org>2026-05-21 05:15:05 +0300
committerJaegeuk Kim <jaegeuk@kernel.org>2026-06-22 22:52:35 +0300
commite0288584baa5dc41df4a829a023c4c1b33fe53d7 (patch)
tree9d1727834165cba19ebd7ef60f194b7d97837165 /scripts/Makefile.thinlto
parent8b4468ec023d0d1b4669dfb867588997cc03a06b (diff)
downloadlinux-e0288584baa5dc41df4a829a023c4c1b33fe53d7.tar.xz
f2fs: atomic: fix UAF issue on f2fs_inode_info.atomic_inode
- ioctl(F2FS_IOC_GARBAGE_COLLECT_RANGE) - shrink - f2fs_gc - gc_data_segment - ra_data_block(cow_inode) - mapping = F2FS_I(inode)->atomic_inode->i_mapping : f2fs_is_cow_file(cow_inode) is true - f2fs_evict_inode(atomic_inode) - clear_inode_flag(fi->cow_inode, FI_COW_FILE) - F2FS_I(fi->cow_inode)->atomic_inode = NULL ... - truncate_inode_pages_final(atomic_inode) - f2fs_grab_cache_folio(mapping) : create folio in atomic_inode->mapping - clear_inode(atomic_inode) - BUG_ON(atomic_inode->i_data.nrpages) We need to add a reference on fi->atomic_inode before using its mapping field during garbage collection, otherwise, it will cause UAF issue. Cc: stable@kernel.org Cc: Daeho Jeong <daehojeong@google.com> Cc: Sunmin Jeong <s_min.jeong@samsung.com> Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Fixes: f18d00769336 ("f2fs: use meta inode for GC of COW file") Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'scripts/Makefile.thinlto')
0 files changed, 0 insertions, 0 deletions