2.0 KiB
CVE-2024-35844
Description
In the Linux kernel, the following vulnerability has been resolved:f2fs: compress: fix reserve_cblocks counting error when out of spaceWhen a file only needs one direct_node, performing the followingoperations will cause the file to be unrepairable:unisoc # ./f2fs_io compress test.apkunisoc #df -h | grep dm-48/dev/block/dm-48 112G 112G 1.2M 100% /dataunisoc # ./f2fs_io release_cblocks test.apk924unisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 4.8M 100% /dataunisoc # dd if=/dev/random of=file4 bs=1M count=33145728 bytes (3.0 M) copied, 0.025 s, 120 M/sunisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 1.8M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apkF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on deviceadb rebootunisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 11M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apk0This is because the file has only one direct_node. After returningto -ENOSPC, reserved_blocks += ret will not be executed. As a result,the reserved_blocks at this time is still 0, which is not the realnumber of reserved blocks. Therefore, fsck cannot be set to repairthe file.After this patch, the fsck flag will be set to fix this problem.unisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 1.8M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apkF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on deviceadb reboot then fsck will be executedunisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 11M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apk924
POC
Reference
No PoCs from references.