Commit 2e98d924 authored Nov 05, 2024 by Chao Yu Committed by Gu Bowen Nov 05, 2024

f2fs: fix to check atomic_file in f2fs ioctl interfaces

stable inclusion
from stable-v6.1.113
commit 26b07bd2e1f124b0e430c8d250023f7205c549c3
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQSF
CVE: CVE-2024-49859

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=26b07bd2e1f124b0e430c8d250023f7205c549c3



--------------------------------

commit bfe5c02654261bfb8bd9cb174a67f3279ea99e58 upstream.

Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(),
f2fs_move_file_range(), and f2fs_defragment_range() missed to
check atomic_write status, which may cause potential race issue,
fix it.

Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Conflicts:
	fs/f2fs/file.c
[There is context conflicts due to commit d6dd477436957(f2fs: do not allow
to defragment files have FI_COMPRESS_RELEASED) not merge in
f2fs_defragment_range().]
Signed-off-by: Gu Bowen <gubowen5@huawei.com>

parent 6c173ff8

fs/f2fs/file.c

+15 −0

Original line number	Diff line number	Diff line
		@@ -2614,6 +2614,11 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi,

		inode_lock(inode);

		if (f2fs_is_atomic_file(inode)) {
		err = -EINVAL;
		goto out;
		}

		/* writeback all dirty pages in the range */
		err = filemap_write_and_wait_range(inode->i_mapping, range->start,
		range->start + range->len - 1);
		@@ -2826,6 +2831,11 @@ static int f2fs_move_file_range(struct file *file_in, loff_t pos_in,
		goto out_unlock;
		}

		if (f2fs_is_atomic_file(src) \|\| f2fs_is_atomic_file(dst)) {
		ret = -EINVAL;
		goto out_unlock;
		}

		ret = -EINVAL;
		if (pos_in + len > src->i_size \|\| pos_in + len < pos_in)
		goto out_unlock;
		@@ -3273,6 +3283,11 @@ static int f2fs_ioc_set_pin_file(struct file *filp, unsigned long arg)
		goto out;
		}

		if (f2fs_is_atomic_file(inode)) {
		ret = -EINVAL;
		goto out;
		}

		if (!pin) {
		clear_inode_flag(inode, FI_PIN_FILE);
		f2fs_i_gc_failures_write(inode, 0);