CVE-2022-50009

Source
https://cve.org/CVERecord?id=CVE-2022-50009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50009
Downstream
Published
2025-06-18T11:01:14.219Z
Modified
2026-04-02T08:28:08.462200Z
Summary
f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data

There is an issue as follows when testing f2fs atomic write:

F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop0): invalid crc_offset: 0
F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
BUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0
Read of size 8 at addr 0000000000000028 by task rep/1990

CPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266
Call Trace:
 <TASK>
 dump_stack_lvl+0x6e/0x91
 print_report.cold+0x49a/0x6bb
 kasan_report+0xa8/0x130
 f2fs_get_dnode_of_data+0xac/0x16d0
 f2fs_do_write_data_page+0x2a5/0x1030
 move_data_page+0x3c5/0xdf0
 do_garbage_collect+0x2015/0x36c0
 f2fs_gc+0x554/0x1d30
 f2fs_balance_fs+0x7f5/0xda0
 f2fs_write_single_data_page+0xb66/0xdc0
 f2fs_write_cache_pages+0x716/0x1420
 f2fs_write_data_pages+0x84f/0x9a0
 do_writepages+0x130/0x3a0
 filemap_fdatawrite_wbc+0x87/0xa0
 file_write_and_wait_range+0x157/0x1c0
 f2fs_do_sync_file+0x206/0x12d0
 f2fs_sync_file+0x99/0xc0
 vfs_fsync_range+0x75/0x140
 f2fs_file_write_iter+0xd7b/0x1850
 vfs_write+0x645/0x780
 ksys_write+0xf1/0x1e0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Commit 3db1de0e582c changed the atomic write path to create a cow_inode for the atomic write file, and also marks the cow_inode as FI_ATOMIC_FILE. When f2fs_do_write_data_page writes the cow_inode, it uses the cow_inode's cow_inode, which is NULL. This then triggers the null-ptr-deref. To solve the above issue, introduce the FI_COW_FILE flag for the COW inode.

Fixes: 3db1de0e582c ("f2fs: change the current atomic write way")

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50009.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Fixed
0f63e33eca6fa29a11c76fa31db5fe1cada5ad6e
Fixed
7000ad53ec1b17bd2fac76984b7b0c663755cbb7
Fixed
4a2c5b7994960fac29cf8a3f4e62855bae1b27d4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50009.json"