+4
−1
+3
−0
Loading
f2fs: invalidate META_MAPPING before IPU/DIO write
mainline inclusion from mainline-v5.16-rc1 commit e3b49ea3 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9HKE5 CVE: CVE-2024-26869 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e3b49ea36802053f312013fd4ccb6e59920a9f76 -------------------------------- Encrypted pages during GC are read and cached in META_MAPPING. However, due to cached pages in META_MAPPING, there is an issue where newly written pages are lost by IPU or DIO writes. Thread A - f2fs_gc() Thread B /* phase 3 */ down_write(i_gc_rwsem) ra_data_block() ---- (a) up_write(i_gc_rwsem) f2fs_direct_IO() : - down_read(i_gc_rwsem) - __blockdev_direct_io() - get_data_block_dio_write() - f2fs_dio_submit_bio() ---- (b) - up_read(i_gc_rwsem) /* phase 4 */ down_write(i_gc_rwsem) move_data_block() ---- (c) up_write(i_gc_rwsem) (a) In phase 3 of f2fs_gc(), up-to-date page is read from storage and cached in META_MAPPING. (b) In thread B, writing new data by IPU or DIO write on same blkaddr as read in (a). cached page in META_MAPPING become out-dated. (c) In phase 4 of f2fs_gc(), out-dated page in META_MAPPING is copied to new blkaddr. In conclusion, the newly written data in (b) is lost. To address this issue, invalidating pages in META_MAPPING before IPU or DIO write. Fixes: 6aa58d8a ("f2fs: readahead encrypted block during GC") Signed-off-by:Hyeong-Jun Kim <hj514.kim@samsung.com> Reviewed-by: