CVE-2024-35844 Information

Description

In the Linux kernel the following vulnerability has been resolved:

f2fs: compress: fix reserve_cblocks counting error when out of space

When a file only needs one direct_node performing the following operations will cause the file to be unrepairable:

unisoc ./f2fs_io compress test.apk unisoc df -h | grep dm-48 /dev/block/dm-48 112G 112G 1.2M 100% /data

unisoc ./f2fs_io release_cblocks test.apk 924 unisoc df -h | grep dm-48 /dev/block/dm-48 112G 112G 4.8M 100% /data

unisoc dd if=/dev/random of=file4 bs=1M count=3 3145728 bytes (3.0 M) copied 0.025 s 120 M/s unisoc df -h | grep dm-48 /dev/block/dm-48 112G 112G 1.8M 100% /data

unisoc ./f2fs_io reserve_cblocks test.apk F2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device

adb reboot unisoc df -h | grep dm-48 /dev/block/dm-48 112G 112G 11M 100% /data unisoc ./f2fs_io reserve_cblocks test.apk 0

This is because the file has only one direct_node. After returning to -ENOSPC reserved_blocks += ret will not be executed. As a result the reserved_blocks at this time is still 0 which is not the real number of reserved blocks. Therefore fsck cannot be set to repair the file.

After this patch the fsck flag will be set to fix this problem.

unisoc df -h | grep dm-48 /dev/block/dm-48 112G 112G 1.8M 100% /data unisoc ./f2fs_io reserve_cblocks test.apk F2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device

adb reboot then fsck will be executed unisoc df -h | grep dm-48 /dev/block/dm-48 112G 112G 11M 100% /data unisoc ./f2fs_io reserve_cblocks test.apk 924

Reference

https://git.kernel.org/stable/c/fa3ac8b1a227d9b470b87972494293348b5839ee https://git.kernel.org/stable/c/889846dfc8ee2cf31148a44bfd2faeb2faadc685 https://git.kernel.org/stable/c/f0bf89e84c3afb79d7a3a9e4bc853ad6a3245c0a https://git.kernel.org/stable/c/569c198c9e2093fd29cc071856a4e548fda506bc https://git.kernel.org/stable/c/fc0aed88afbf6f606205129a7466eebdf528e3f3 https://git.kernel.org/stable/c/2f6d721e14b69d6e1251f69fa238b48e8374e25f