In f2fs_do_write_data_page, FI_ATOMIC_FILE flag selects the target inode
between the original inode and COW inode. When aborting atomic write and
writeback occur simultaneously, invalid data can be written to original
inode if the FI_ATOMIC_FILE flag is cleared meanwhile.
To prevent the problem,
In f2fs_update_inode, i_size of the atomic file isn't updated until
FI_ATOMIC_COMMITTED flag is set. When committing atomic write right
after the writeback of the inode, i_size of the raw inode will not be
updated. It can cause the atomicity corruption due to a mismatch between
old file size and
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git wip
On 2024/1/15 17:12, syzbot wrote:
Hello,
syzbot found the following issue on:
HEAD commit:052d534373b7 Merge tag 'exfat-for-6.8-rc1' of git://git.ke..
git tree: upstream
console output:
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any
issue:
Reported-and-tested-by: syzbot+763afad57075d3f86...@syzkaller.appspotmail.com
Tested on:
commit: 51fc665a f2fs: fix to avoid use-after-free issue in f2..
git tree:
Reviewed-by: Daeho Jeong
On Wed, Mar 13, 2024 at 4:37 AM Sunmin Jeong wrote:
>
> In f2fs_update_inode, i_size of the atomic file isn't updated until
> FI_ATOMIC_COMMITTED flag is set. When committing atomic write right
> after the writeback of the inode, i_size of the raw inode will not be
>
Reviewed-by: Daeho Jeong
On Wed, Mar 13, 2024 at 4:29 AM Sunmin Jeong wrote:
>
> In f2fs_do_write_data_page, FI_ATOMIC_FILE flag selects the target inode
> between the original inode and COW inode. When aborting atomic write and
> writeback occur simultaneously, invalid data can be written to
syzbot reports an f2fs bug as below:
BUG: KASAN: slab-use-after-free in f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49
Read of size 8 at addr 88807bb22680 by task syz-executor184/5058
CPU: 0 PID: 5058 Comm: syz-executor184 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
Hardware name:
On 2024/3/13 9:31, Jaegeuk Kim wrote:
On 03/12, Ed Tsai (蔡宗軒) wrote:
On Mon, 2024-01-15 at 20:05 +0800, Hillf Danton wrote:
...
--- x/fs/f2fs/file.c
+++ y/fs/f2fs/file.c
@@ -39,6 +39,7 @@
static vm_fault_t f2fs_filemap_fault(struct vm_fault *vmf)
{
struct inode *inode =
Eugen Hristev writes:
> +void f2fs_free_casefolded_name(struct f2fs_filename *fname)
> +{
> + unsigned char *buf = (unsigned char *)fname->cf_name.name;
> +
> + kmem_cache_free(f2fs_cf_name_slab, buf);
> + fname->cf_name.name = NULL;
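Review bot: kmem_cache_free() in f2fs_free_casefolded_name() runs on buf unconditionally, with no check that fname->cf_name.name was ever set. If any caller can reach this helper before a casefolded name has been allocated, or call it twice on an error path, guard the free and the NULL reset with `if (buf)`, or add a comment stating that callers guarantee a non-NULL name. Resetting the pointer to NULL after the free is the right call for avoiding a dangling reference; a one-line comment on why the cast to unsigned char * is needed would also help.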
In my previous review, I mentioned you could drop
Eugen Hristev writes:
> From: Gabriel Krisman Bertazi
>
> generic_ci_match can be used by case-insensitive filesystems to compare
> strings under lookup with dirents in a case-insensitive way. This
> function is currently reimplemented by each filesystem supporting
> casefolding, so this