[PATCH] f2fs: fix a panic caused by NULL flush_cmd_control

Hello,

Please pick up this patch for Linux 4.4.
This fixes CVE-2017-18241. This has been fixed in Linux 4.9.144.

Thanks.

[ Upstream commit d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 ]

From: Yunlei He <heyunlei@xxxxxxxxxx>
Date: Thu, 1 Jun 2017 16:43:51 +0800
Subject: [PATCH] f2fs: fix a panic caused by NULL flush_cmd_control

Mount fs with option noflush_merge, boot failed for illegal address
fcc in function f2fs_issue_flush:

        if (!test_opt(sbi, FLUSH_MERGE)) {
                ret = submit_flush_wait(sbi);
                atomic_inc(&fcc->issued_flush);   ->  Here, fcc illegal
                return ret;
        }

Signed-off-by: Yunlei He <heyunlei@xxxxxxxxxx>
Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
[bwh: Backported to 4.9: adjust context]
---
 fs/f2fs/segment.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -488,6 +488,9 @@ int create_flush_cmd_control(struct f2fs
 	init_waitqueue_head(&fcc->flush_wait_queue);
 	init_llist_head(&fcc->issue_list);
 	SM_I(sbi)->cmd_control_info = fcc;
+	if (!test_opt(sbi, FLUSH_MERGE))
+		return err;
+
 	fcc->f2fs_issue_flush = kthread_run(issue_flush_thread, sbi,
 				"f2fs_flush-%u:%u", MAJOR(dev), MINOR(dev));
 	if (IS_ERR(fcc->f2fs_issue_flush)) {
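Review bot: The new early exit `return err;` placed right after `SM_I(sbi)->cmd_control_info = fcc;` depends on err still holding its initial value, and that initialisation is not visible in this hunk. Returning 0 explicitly would make the noflush_merge success path self-evident and robust against later changes above it. With this return taken, `fcc->f2fs_issue_flush` is never assigned by kthread_run(), so any teardown or remount code that stops or inspects that thread has to tolerate it being unset. That is worth checking against the 4.4 tree, since this version is marked as a context-adjusted backport to 4.9. A one-line comment saying that fcc is allocated even without FLUSH_MERGE because f2fs_issue_flush() updates its counters would also help the next reader.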
@@ -2534,7 +2537,7 @@ int build_segment_manager(struct f2fs_sb
 
 	INIT_LIST_HEAD(&sm_info->sit_entry_set);
 
-	if (test_opt(sbi, FLUSH_MERGE) && !f2fs_readonly(sbi->sb)) {
+	if (!f2fs_readonly(sbi->sb)) {
 		err = create_flush_cmd_control(sbi);
 		if (err)
 			return err;
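Review bot: The condition is now `if (!f2fs_readonly(sbi->sb))`, so on a read-only mount create_flush_cmd_control() is still skipped and cmd_control_info stays unset. If f2fs_issue_flush() can be reached on such a superblock, or after a remount to read-write that does not allocate fcc, the `atomic_inc(&fcc->issued_flush)` dereference quoted in the commit message would hit the same illegal address. Please confirm that the remount path in the target tree creates the control structure, or add a NULL check at the point of use. The changelog would also benefit from stating that the allocation is now unconditional for writable mounts and only the thread creation depends on FLUSH_MERGE.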


