cve/published/2022/CVE-2022-49364.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49364: f2fs: fix to clear dirty inode in f2fs_evict_inode()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 f2fs: fix to clear dirty inode in f2fs_evict_inode()

 As Yanming reported in bugzilla:

 https://bugzilla.kernel.org/show_bug.cgi?id=215904

 The kernel message is shown below:

 kernel BUG at fs/f2fs/inode.c:825!
 Call Trace:
  evict+0x282/0x4e0
  __dentry_kill+0x2b2/0x4d0
  shrink_dentry_list+0x17c/0x4f0
  shrink_dcache_parent+0x143/0x1e0
  do_one_tree+0x9/0x30
  shrink_dcache_for_umount+0x51/0x120
  generic_shutdown_super+0x5c/0x3a0
  kill_block_super+0x90/0xd0
  kill_f2fs_super+0x225/0x310
  deactivate_locked_super+0x78/0xc0
  cleanup_mnt+0x2b7/0x480
  task_work_run+0xc8/0x150
  exit_to_user_mode_prepare+0x14a/0x150
  syscall_exit_to_user_mode+0x1d/0x40
  do_syscall_64+0x48/0x90

 The root cause is: inode node and dnode node share the same nid,
 so during f2fs_evict_inode(), dnode node truncation will invalidate
 its NAT entry, so when truncating inode node, it fails due to
 invalid NAT entry, result in inode is still marked as dirty, fix
 this issue by clearing dirty for inode and setting SBI_NEED_FSCK
 flag in filesystem.

 output from dump.f2fs:
 [print_node_info: 354] Node ID [0xf:15] is inode
 i_nid[0]                      		[0x       f : 15]

 The Linux kernel CVE team has assigned CVE-2022-49364 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 5.4.198 with commit 54c116615c99e22aa08aa950757ed726e2f60821
 	Fixed in 5.10.121 with commit ccd58045beb997544b94558a9156be4742628491
 	Fixed in 5.15.46 with commit c9196d21359be8c7ee231029d13682273925fd00
 	Fixed in 5.17.14 with commit 03c9373b15fa1c245ec99b2b5e7ba209eae4ef42
 	Fixed in 5.18.3 with commit c469953917b319d415fd621b9e5d0ea5203565cd
 	Fixed in 5.19 with commit f2db71053dc0409fae785096ad19cce4c8a95af7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49364
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/f2fs/inode.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/54c116615c99e22aa08aa950757ed726e2f60821
 	https://git.kernel.org/stable/c/ccd58045beb997544b94558a9156be4742628491
 	https://git.kernel.org/stable/c/c9196d21359be8c7ee231029d13682273925fd00
 	https://git.kernel.org/stable/c/03c9373b15fa1c245ec99b2b5e7ba209eae4ef42
 	https://git.kernel.org/stable/c/c469953917b319d415fd621b9e5d0ea5203565cd
 	https://git.kernel.org/stable/c/f2db71053dc0409fae785096ad19cce4c8a95af7
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49364: f2fs: fix to clear dirty inode in f2fs_evict_inode()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	f2fs: fix to clear dirty inode in f2fs_evict_inode()

	As Yanming reported in bugzilla:

	https://bugzilla.kernel.org/show_bug.cgi?id=215904

	The kernel message is shown below:

	kernel BUG at fs/f2fs/inode.c:825!
	Call Trace:
	evict+0x282/0x4e0
	__dentry_kill+0x2b2/0x4d0
	shrink_dentry_list+0x17c/0x4f0
	shrink_dcache_parent+0x143/0x1e0
	do_one_tree+0x9/0x30
	shrink_dcache_for_umount+0x51/0x120
	generic_shutdown_super+0x5c/0x3a0
	kill_block_super+0x90/0xd0
	kill_f2fs_super+0x225/0x310
	deactivate_locked_super+0x78/0xc0
	cleanup_mnt+0x2b7/0x480
	task_work_run+0xc8/0x150
	exit_to_user_mode_prepare+0x14a/0x150
	syscall_exit_to_user_mode+0x1d/0x40
	do_syscall_64+0x48/0x90

	The root cause is: inode node and dnode node share the same nid,
	so during f2fs_evict_inode(), dnode node truncation will invalidate
	its NAT entry, so when truncating inode node, it fails due to
	invalid NAT entry, result in inode is still marked as dirty, fix
	this issue by clearing dirty for inode and setting SBI_NEED_FSCK
	flag in filesystem.

	output from dump.f2fs:
	[print_node_info: 354] Node ID [0xf:15] is inode
	i_nid[0] [0x f : 15]

	The Linux kernel CVE team has assigned CVE-2022-49364 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 5.4.198 with commit 54c116615c99e22aa08aa950757ed726e2f60821
	Fixed in 5.10.121 with commit ccd58045beb997544b94558a9156be4742628491
	Fixed in 5.15.46 with commit c9196d21359be8c7ee231029d13682273925fd00
	Fixed in 5.17.14 with commit 03c9373b15fa1c245ec99b2b5e7ba209eae4ef42
	Fixed in 5.18.3 with commit c469953917b319d415fd621b9e5d0ea5203565cd
	Fixed in 5.19 with commit f2db71053dc0409fae785096ad19cce4c8a95af7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49364
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/f2fs/inode.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/54c116615c99e22aa08aa950757ed726e2f60821
	https://git.kernel.org/stable/c/ccd58045beb997544b94558a9156be4742628491
	https://git.kernel.org/stable/c/c9196d21359be8c7ee231029d13682273925fd00
	https://git.kernel.org/stable/c/03c9373b15fa1c245ec99b2b5e7ba209eae4ef42
	https://git.kernel.org/stable/c/c469953917b319d415fd621b9e5d0ea5203565cd
	https://git.kernel.org/stable/c/f2db71053dc0409fae785096ad19cce4c8a95af7