THREATINT
PUBLISHED

CVE-2024-56586

f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.



Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

Creating large files while checkpoint is disabled until the filesystem runs out of space, then deleting them, then remounting to enable checkpoint again, and then unmounting the filesystem triggers the f2fs_bug_on as below:

    ------------[ cut here ]------------
    kernel BUG at fs/f2fs/inode.c:896!
    CPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360
    Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
    RIP: 0010:f2fs_evict_inode+0x58c/0x610
    Call Trace:
     __die_body+0x15/0x60
     die+0x33/0x50
     do_trap+0x10a/0x120
     f2fs_evict_inode+0x58c/0x610
     do_error_trap+0x60/0x80
     f2fs_evict_inode+0x58c/0x610
     exc_invalid_op+0x53/0x60
     f2fs_evict_inode+0x58c/0x610
     asm_exc_invalid_op+0x16/0x20
     f2fs_evict_inode+0x58c/0x610
     evict+0x101/0x260
     dispose_list+0x30/0x50
     evict_inodes+0x140/0x190
     generic_shutdown_super+0x2f/0x150
     kill_block_super+0x11/0x40
     kill_f2fs_super+0x7d/0x140
     deactivate_locked_super+0x2a/0x70
     cleanup_mnt+0xb3/0x140
     task_work_run+0x61/0x90

The root cause is: creating large files during the checkpoint-disabled period results in not enough free segments, so writing back the root inode will fail in f2fs_enable_checkpoint. When unmounting the file system after enabling checkpoint, the root inode is dirty in the f2fs_evict_inode function, which triggers BUG_ON.

The steps to reproduce are as follows:

    dd if=/dev/zero of=f2fs.img bs=1M count=55
    mount f2fs.img f2fs_dir -o checkpoint=disable:10%
    dd if=/dev/zero of=big bs=1M count=50
    sync
    rm big
    mount -o remount,checkpoint=enable f2fs_dir
    umount f2fs_dir

Let's redirty the inode when there are no free segments while checkpoint is disabled.

Reserved 2024-12-27 | Published 2024-12-27 | Updated 2025-01-20 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ac8aaf78bd039fa1be0acaa8e84a56499f79d721
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before dff561e4060d28edc9a2960d4a87f3c945a96aa3
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9669b28f81e0ec6305af7773846fbe2cef1e7d61
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9e28513fd2858911dcf47b84160a8824587536b6
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca
affected

Default status
affected

5.4.287
unaffected

5.10.231
unaffected

5.15.174
unaffected

6.1.120
unaffected

6.6.66
unaffected

6.12.5
unaffected

6.13
unaffected

References

git.kernel.org/...c/ac8aaf78bd039fa1be0acaa8e84a56499f79d721

git.kernel.org/...c/dff561e4060d28edc9a2960d4a87f3c945a96aa3

git.kernel.org/...c/a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7

git.kernel.org/...c/ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617

git.kernel.org/...c/9669b28f81e0ec6305af7773846fbe2cef1e7d61

git.kernel.org/...c/9e28513fd2858911dcf47b84160a8824587536b6

git.kernel.org/...c/d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca

cve.org (CVE-2024-56586)

nvd.nist.gov (CVE-2024-56586)
